CVE-2025-61973
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: Talos

Description
A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, which may result in unintended elevation of privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-61973
EUVD
EUVD-2026-2749
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
epic_games epic_games_store 14.6.2.0
unknown_vendor dxsetup 4.9.0.0904
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-61973 is a local privilege escalation vulnerability occurring during the installation of the Epic Games Store via the Microsoft Store. During installation, a process called DXSETUP.exe runs with SYSTEM privileges and creates a temporary folder in the user's %TEMP% directory where it writes a DLL file named dxupdate.dll. Because this temporary folder is writable by low-privilege users, an attacker can replace the legitimate dxupdate.dll with a malicious DLL. When DXSETUP.exe loads this malicious DLL, it executes code with SYSTEM-level privileges, allowing the attacker to escalate their privileges on the system. [1]

Impact Analysis

This vulnerability can allow a low-privilege user to gain SYSTEM-level privileges on the affected machine. This means an attacker could execute arbitrary code with the highest system privileges, potentially leading to full system compromise, unauthorized access to sensitive data, installation of persistent malware, or disruption of system operations. [1]

Detection Guidance

This vulnerability can be detected by monitoring the creation and modification of the dxupdate.dll file in the temporary folder created by DXSETUP.exe under the user's %TEMP% directory during the Epic Games Store installation. Using tools like Process Monitor to log file system activity can help identify if dxupdate.dll is replaced or modified by a low-privilege user. Additionally, checking for unexpected files created with SYSTEM privileges, such as C:\pwned.txt as demonstrated in the exploit, can indicate exploitation. Specific commands are not provided, but monitoring file writes and permissions in the %TEMP% directory during installation is recommended. [1]

Mitigation Strategies

Immediate mitigation steps include applying the patch released on 2025-11-06 by the vendor to fix the vulnerability. Until patched, restrict low-privilege users from having write access to the temporary folder created by DXSETUP.exe during installation, or avoid installing the Epic Games Store version 14.6.2.0 or DXSETUP.exe version 4.9.0.0904. Monitoring installation processes and ensuring that only trusted users can perform installations can also reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-61973. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart