overwolf CVE Vulnerabilities & Metrics

Focus on overwolf vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About overwolf Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with overwolf. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total overwolf CVEs: 5
Earliest CVE date: 24 Jul 2020, 17:15 UTC
Latest CVE date: 04 Sep 2024, 13:15 UTC

Latest CVE reference: CVE-2024-7834

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical overwolf CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.4

Max CVSS: 9.3

Critical CVEs (≥9): 3

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	1
7.0-8.9	0
9.0-10.0	3

CVSS Distribution Chart

Top 5 Highest CVSS overwolf CVEs

These are the five CVEs with the highest CVSS scores for overwolf, sorted by severity first and recency.

CVE-2021-33501 overwolf Published on 19 Jul 2021, 12:15 UTC (CVSS: 9.3)
Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL.
CVE-2020-25214 overwolf Published on 16 Oct 2020, 20:15 UTC (CVSS: 9.3)
In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint.
CVE-2020-15932 overwolf Published on 24 Jul 2020, 17:15 UTC (CVSS: 9.0)
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges.
CVE-2021-20726 overwolf Published on 24 May 2021, 04:15 UTC (CVSS: 4.4)
Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.
CVE-2024-7834 overwolf Published on 04 Sep 2024, 13:15 UTC (CVSS: 0)
A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location.

All CVEs for overwolf

CVE-2024-7834 overwolf vulnerability CVSS: 0 04 Sep 2024, 13:15 UTC

A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location.

CVE-2021-33501 overwolf vulnerability CVSS: 9.3 19 Jul 2021, 12:15 UTC

Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL.

CVE-2021-20726 overwolf vulnerability CVSS: 4.4 24 May 2021, 04:15 UTC

Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.

CVE-2020-25214 overwolf vulnerability CVSS: 9.3 16 Oct 2020, 20:15 UTC

In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint.

CVE-2020-15932 overwolf vulnerability CVSS: 9.0 24 Jul 2020, 17:15 UTC

Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges.