CVE-2025-0567 LOW

CVE-2025-0567: Epic Games Launcher Installer profapi.dll untrusted search path

Vendor Epic Games
Product Launcher
Weakness CWE-426
Published January 19, 2025
Last update January 21, 2025

CVSS base score

2.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic was found in Epic Games Launcher up to 17.2.1. This vulnerability affects unknown code in the library profapi.dll of the component Installer. The manipulation leads to untrusted search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult.

Key dates

02Disclosure timeline

January 19, 2025 CVE published
January 21, 2025 Record updated