CVE-2021-47739

CVE Database · CVE-2021-47739

CVE-2021-47739

· HIGHDeferred

CVSS v3.1

8.4

CVSS v4.0

8.5

EPSS

0.17%

Published

Dec 23, 2025

Modified

Apr 14, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute with LocalSystem privileges during application startup.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-428

References (5)

https://www.easy.ac

https://www.epicgames.com

https://www.exploit-db.com/exploits/49841

https://www.vulncheck.com/advisories/epic-games-easy-anti-cheat-local-privilege-escalation-via-unquoted-service-path

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5652.php

KEV Catalog EPSS Scores Vendors All CVEs