Untrusted Search Path in Epic Games Launcher by Epic Games
CVE-2025-0567

2LOW

Key Information:

Vendor

Epic Games

Status
Launcher
Vendor
CVE Published:
19 January 2025

What is CVE-2025-0567?

A vulnerability has been identified in the Epic Games Launcher affecting version up to 17.2.1. This issue pertains to the profapi.dll library associated with the Installer component. An attacker with local access may exploit this vulnerability through an untrusted search path, potentially allowing unauthorized actions within the system. However, the process of exploitation is complex and presents significant challenges, making successful attacks less likely.

Affected Version(s)

Launcher 17.2.0

Launcher 17.2.1

References

https://vuldb.com/?id.292528
vdb-entry
https://vuldb.com/?ctiid.292528
signaturepermissions-required
https://vuldb.com/?submit.481104
third-party-advisory

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Havook (VulDB User)
JSON
.
CVE-2025-0567 : Untrusted Search Path in Epic Games Launcher by Epic Games