CVE-2021-47742

high

Description

Epic Games Psyonix Rocket League <=1.95 contains an insecure permissions vulnerability that allows authenticated users to modify executable files with full access permissions. Attackers can leverage the 'F' (Full) flag for the 'Authenticated Users' group to change executable files and potentially escalate system privileges.

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5650.php

https://www.vulncheck.com/advisories/epic-games-psyonix-rocket-league-elevation-of-privileges-via-insecure-permissions

https://www.rocketleague.com/

https://packetstormsecurity.com/files/162435

https://exchange.xforce.ibmcloud.com/vulnerabilities/201128

Details

Source: Mitre, NVD

Published: 2025-12-31

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.5

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00027