VYPR
Vendor

Gog.com

Products
4
CVEs
10
Across products
12
Status
Private

Products

4

Recent CVEs

10
  • CVE-2022-31262HigAug 17, 2022
    risk 0.51cvss 7.8epss 0.00

    An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in…

  • CVE-2020-15529HigJul 5, 2020
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks.

  • CVE-2020-15528HigJul 5, 2020
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks.

  • CVE-2018-4049HigApr 2, 2019
    risk 0.51cvss 7.8epss 0.00

    An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute…

  • CVE-2018-3974HigApr 2, 2019
    risk 0.51cvss 7.8epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary…

  • CVE-2018-4053MedApr 2, 2019
    risk 0.36cvss 5.5epss 0.00

    An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable.

  • CVE-2018-4052MedApr 2, 2019
    risk 0.36cvss 5.5epss 0.00

    An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user.

  • CVE-2018-4051MedApr 2, 2019
    risk 0.36cvss 5.5epss 0.00

    An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing…

  • CVE-2020-7352HigAug 6, 2020
    risk 0.03cvss 8.4epss 0.04

    The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating…

  • CVE-2025-56232Nov 5, 2025
    risk 0.00cvss epss 0.00

    GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle (MitM) attack to intercept update requests and replace installer or update packages with malicious files.