Marvel Game Vulnerability Exposes PCs & PS5s to Remote Takeover Attacks

A severe security vulnerability has been uncovered in the popular video game Marvel Rivals, raising major concerns for both PC and PlayStation 5 players.

The exploit, discovered by a security researcher, enables attackers to remotely take control of devices on the same network, exposing players to significant cyber threats.

Exploit Details

The researcher discovered a fault in Marvel Rivals’ hotfix patching system, which utilizes Remote Code Execution (RCE) to update the game.

Alarmingly, the game fails to confirm whether it’s communicating with an official server, leaving a door wide open for malicious actors.

To make matters worse, the game runs with administrative privileges on PCs, supposedly to support its anti-cheat features.

This combination of poor server verification and elevated permissions renders the vulnerability particularly dangerous.

RCE exploits are among the most critical security flaws because they allow attackers to execute arbitrary code on the victim’s system.

Through this Marvel Rivals vulnerability, a hacker connected to the same Wi-Fi network could execute malicious tasks on a player’s device, whether it’s a PC or PS5, with potentially devastating consequences.

“I found a game exploit that lets hackers take over your PC,” the researcher explained. “It’s shocking how little thought game developers often put into securing players.”

PS5 Players Are Not Safe Either

The vulnerability isn’t limited to PC users. The exploit also creates an entry point for PlayStation 5 devices, posing a threat to console gamers.

A proof-of-concept (POC) highlighting the attack on the PS5 has already been demonstrated, with the researcher sharing their findings in detail on YouTube.

This discovery further highlights the gaming industry’s persistent challenges with cybersecurity. The researcher criticized game developers for their lack of focus on security measures.

“In the past year, I’ve found critical bugs in at least five popular games—three of which are still unaddressed because developers either don’t care or can’t be reached,” they lamented.

The absence of bug bounty programs in many game companies exacerbates the issue, discouraging ethical reporting of vulnerabilities. Instead, potential hackers and cheat creators benefit, from exploiting these flaws for profit.

The discovery of this exploit involved contributions from security experts like AeonLucid, LukeFZ, nitro, and sanktanglia, who supported the analysis of network encryption.

For now, players of Marvel Rivals are urged to avoid public or unsecured networks and ensure their systems remain updated.

This alarming vulnerability is a wake-up call for the gaming industry to prioritize security and adopt stricter protective measures to safeguard players.

Are you from SOC/DFIR Team? - Join 500,000+ Researchers to Analyze Cyber Threats with ANY.RUN Sandbox - Try for Free