threat
engine
.sh
Back
·
··:··
Home
/
Product
/
gog galaxy
Product
gog galaxy
16 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-56232
all versions
GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy ca
6.8
MEDIUM
CVE-2022-31262
>= 2.0.46 and <= 2.0.51
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an at
7.8
HIGH
CVE-2021-26807
all versions
GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which a
7.8
HIGH
CVE-2020-24574
>= 2.0.13 and <= 2.0.41
The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege esc
7.8
HIGH
CVE-2020-7352
>= 1.2.0 and <= 1.2.64
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software
8.4
HIGH
CVE-2020-11827
< 1.2.67
In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker
7.8
HIGH
CVE-2020-15529
all versions
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or per
7.8
HIGH
CVE-2020-15528
all versions
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a
7.8
HIGH
CVE-2019-15511
< 1.2.60
An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper
7.8
HIGH
CVE-2018-4048
all versions
An exploitable local privilege elevation vulnerability exists in the file system permissions of the
Temp
directory in GOG Galaxy
7.8
HIGH
CVE-2018-4053
all versions
An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 fo
5.5
MEDIUM
CVE-2018-4052
all versions
An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for
5.5
MEDIUM
CVE-2018-4051
all versions
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47
5.5
MEDIUM
CVE-2018-4049
all versions
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory
7.8
HIGH
CVE-2018-3974
all versions
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An
7.8
HIGH
CVE-2018-4050
all versions
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47
7.8
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin