Primary

Context

Epic Games Psyonix Rocket League Insecure Permissions Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability exists in Epic Games Psyonix Rocket League versions through 1.95, allowing authenticated users to modify executable files due to insecure permissions. The 'Authenticated Users' group is granted full access, enabling potential escalation of system privileges by replacing executables with malicious binaries.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of executable files, allowing for the introduction of malicious code that could be executed with elevated privileges.

Reproduction

The vulnerability can be reproduced by an authenticated user who has access to the 'Authenticated Users' group. Once logged in, the user can take advantage of the full access permissions to modify executable files in the Rocket League installation directory.

Added: Dec 31, 2025, 7:25 PM

Updated: Dec 31, 2025, 8:59 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

10.0

exploitability

4.6

remediation

0.0

relevance

1.8

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

10.0

exploitability

4.6

remediation

0.0

relevance

1.8

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Epic Games Psyonix Rocket League Insecure Permissions Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Reproduction

Affected Products

Epic Games Psyonix Rocket League

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating