{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-61973", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2025-10-08T15:59:25.342Z", "datePublished": "2026-01-15T15:19:48.838Z", "dateUpdated": "2026-02-26T15:04:07.661Z"}, "containers": {"cna": {"affected": [{"vendor": "Epic Games", "product": "Epic Games Store", "versions": [{"version": "14.6.2.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, which may result in unintended elevation of privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE", "cweId": "CWE-284"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-01-15T15:19:48.838Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2279", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2279"}], "credits": [{"lang": "en", "value": "Discovered by KPC of Cisco Talos."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2279"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-01-15T17:10:47.428Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-61973", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-16T04:55:52.523863Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:07.661Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2279"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-01-15T17:10:47.428Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-61973", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-16T04:55:52.523863Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-15T17:56:02.357Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by KPC of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Epic Games", "product": "Epic Games Store", "versions": [{"status": "affected", "version": "14.6.2.0"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2279", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2279"}], "descriptions": [{"lang": "en", "value": "A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, which may result in unintended elevation of privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-01-15T15:19:48.838Z"}}}, "cveMetadata": {"cveId": "CVE-2025-61973", "state": "PUBLISHED", "dateUpdated": "2026-02-26T15:04:07.661Z", "dateReserved": "2025-10-08T15:59:25.342Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2026-01-15T15:19:48.838Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, which may result in unintended elevation of privileges."}, {"lang": "es", "value": "Una vulnerabilidad de escalada de privilegios local existe durante la instalaci\u00f3n de Epic Games Store a trav\u00e9s de la Microsoft Store. Un usuario con pocos privilegios puede reemplazar un archivo DLL durante el proceso de instalaci\u00f3n, lo que puede resultar en una elevaci\u00f3n de privilegios no intencionada."}], "id": "CVE-2025-61973", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2026-01-15T16:16:11.320", "references": [{"source": "talos-cna@cisco.com", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2279"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2279"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{}

{"created": "2026-01-16T13:43:31.162110+00:00", "updated": "2026-01-16T13:43:31.162162+00:00", "vendors": ["epic_games", "epic_games$PRODUCT$epic_games_store"]}