← back
CVE-2025-0567

Epic Games Launcher Installer profapi.dll untrusted search path

CVSS 2 LOWEPSS 0.2%CWE-426
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
19 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability classified as problematic was found in Epic Games Launcher up to 17.2.1. This vulnerability affects unknown code in the library profapi.dll of the component Installer. The manipulation leads to untrusted search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult.
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected products
Epic Games · Launcher

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://vuldb.com/?ctiid.292528https://vuldb.com/?id.292528https://vuldb.com/?submit.481104