#remote-code-execution

#remote-code-execution

Activision has brought Call of Duty: World War II back to the Microsoft Store and Xbox PC App after it was removed more than a month ago, though the company has still not said a word about what happened. A statement released on August 27 confirmed that the 2017 game has returned, and is once again available for PC Game Pass players. However, there was no explanation as to anything else related to the game's removal on July 4.

CVE-2024-8068 (CVSS score: 5.1) - An improper privilege management vulnerability in Citrix Session Recording that could allow for privilege escalation to NetworkService Account access when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain CVE-2024-8069 (CVSS score: 5.1) - A deserialization of untrusted data vulnerability in Citrix Session Recording that allows limited remote code execution with the privileges of a NetworkService Account access when an attacker is an authenticated user on the same intranet as the session recording server

The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6) by the chipmaker back in June 2025.

The game is not safe to play on PC right now, there's an RCE exploit, which allows hackers the ability to plant malware capable of essentially taking control of a victim's device.

A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user.

These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure vulnerabilities.