Insecure Permissions in Epic Games Psyonix Rocket League
CVE-2021-47742

8.5HIGH

Key Information:

Vendor

Epic Games Inc.

Status
Epic Games Psyonix Rocket League
Vendor
CVE Published:
31 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2021-47742?

Epic Games' Psyonix Rocket League before version 1.95 contains a vulnerability related to insecure permissions. This issue permits authenticated users to alter executable files, leveraging full access permissions assigned to the 'Authenticated Users' group. This could lead to unauthorized modifications of critical system files and potentially enable attackers to escalate privileges within the system. The flaw underscores the importance of rigorous permission management and the need for continuous security assessment in game applications.

Affected Version(s)

Epic Games Psyonix Rocket League <=1.95

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-47742 - Proof of Concept

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-56...
third-party-advisory
https://packetstormsecurity.com/files/162435
exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/201128
vdb-entry

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

LiquidWorm as Gjoko Krstic of Zero Science Lab
JSON
.
CVE-2021-47742 : Insecure Permissions in Epic Games Psyonix Rocket League