Thursday, May 8, 2025
HomeCVE/vulnerabilityMarvel Game Vulnerability Exposes PCs & PS5s to Remote Takeover Attacks

Marvel Game Vulnerability Exposes PCs & PS5s to Remote Takeover Attacks

Published on

SIEM as a Service

Follow Us on Google News

A severe security vulnerability has been uncovered in the popular video game Marvel Rivals, raising major concerns for both PC and PlayStation 5 players.

The exploit, discovered by a security researcher, enables attackers to remotely take control of devices on the same network, exposing players to significant cyber threats.

Exploit Details

The researcher discovered a fault in Marvel Rivals’ hotfix patching system, which utilizes Remote Code Execution (RCE) to update the game.

- Advertisement - Google News

Alarmingly, the game fails to confirm whether it’s communicating with an official server, leaving a door wide open for malicious actors.

To make matters worse, the game runs with administrative privileges on PCs, supposedly to support its anti-cheat features.

This combination of poor server verification and elevated permissions renders the vulnerability particularly dangerous.

RCE exploits are among the most critical security flaws because they allow attackers to execute arbitrary code on the victim’s system.

Through this Marvel Rivals vulnerability, a hacker connected to the same Wi-Fi network could execute malicious tasks on a player’s device, whether it’s a PC or PS5, with potentially devastating consequences.

“I found a game exploit that lets hackers take over your PC,” the researcher explained. “It’s shocking how little thought game developers often put into securing players.”

PS5 Players Are Not Safe Either

The vulnerability isn’t limited to PC users. The exploit also creates an entry point for PlayStation 5 devices, posing a threat to console gamers.

A proof-of-concept (POC) highlighting the attack on the PS5 has already been demonstrated, with the researcher sharing their findings in detail on YouTube.

This discovery further highlights the gaming industry’s persistent challenges with cybersecurity. The researcher criticized game developers for their lack of focus on security measures.

“In the past year, I’ve found critical bugs in at least five popular games—three of which are still unaddressed because developers either don’t care or can’t be reached,” they lamented.

The absence of bug bounty programs in many game companies exacerbates the issue, discouraging ethical reporting of vulnerabilities. Instead, potential hackers and cheat creators benefit, from exploiting these flaws for profit.

The discovery of this exploit involved contributions from security experts like AeonLucid, LukeFZ, nitro, and sanktanglia, who supported the analysis of network encryption.

For now, players of Marvel Rivals are urged to avoid public or unsecured networks and ensure their systems remain updated.

This alarming vulnerability is a wake-up call for the gaming industry to prioritize security and adopt stricter protective measures to safeguard players.

Are you from SOC/DFIR Team? - Join 500,000+ Researchers to Analyze Cyber Threats with ANY.RUN Sandbox - Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Cisco IOS XE Wireless Controllers Vulnerability Lets Attackers Seize Full Control

A critical security flaw has been discovered in Cisco IOS XE Wireless LAN Controllers...

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Cisco IOS XE Wireless Controllers Vulnerability Lets Attackers Seize Full Control

A critical security flaw has been discovered in Cisco IOS XE Wireless LAN Controllers...

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...