RCE Exploit Discovered in Call of Duty: WW2

A New Vulnerability Has Been Discovered in Sledgehammer Games 2017 title

PC gamers are reporting that a brand new vulnerability is being exploited in the 2017 Sledgehammer Games title of Activision’s most popular video game franchise. This news began with a variety of posts on the social media platform X when multiple prominent members and content creators in the Call of Duty community brought it to light that their computers were being manually controlled by hackers after playing the game.

What is an RCE:

a Remote Code Execution (RCE) is an vulnerability exploit wherein code can be executed remotely on a victim’s computer. In the context of online gaming, attackers find bad or unsecure systems in the game’s networking functionality which bridges the gap between the attacker’s network and the victim’s- allowing the attacker to gain access to the victim’s computer just by being in the same server/lobby.

Call of Duty’s Prior History with RCEs and WW2

RCE exploits are not new to Call of Duty on PC or multiplayer games in general. In fact, due to how common these exploits are on older or unsupported Call of Duty titles there has been initiatives by third party developers to create safer unofficial clients with regular security updates to the fans’ favorite games, however the legalities of these clients are a grey area and many have been hit with cease & desists and threats of legal action such as X labs- most notable for its IW4x Modern Warfare 2 (2009) client which was forced to shutdown in May 2023 for “infringement of Activision’s copyright”

This new RCE exploit for WW2 was discovered on July 3rd, 2025 and although very few reports have been confirmed so far, it poses a significant problem- Activision-Blizzard and with it, the rights to Call of Duty were purchased by MGS, a division of Microsoft in 2022 and the company has gradually added Call of Duty titles to its own Xbox Game Pass, a subscription service that grants access to a catalogue of games cf. Netflix for video games instead of movies. Call of Duty: WW2 was the most recent addition to this catalogue added just this June which generated more traffic to the game’s overall player count. While concerning, most hackers who take advantage of these vulnerabilities use them to play benign childish pranks such as opening links to pornography on the victims computer which was a common occurrence with an abused RCE for Call of Duty: Black Ops 2 (2012) however the potential for real damage such as physical PC hardware being rendered useless or stolen usernames and passwords of players are legitimate concerns.

It is unclear whether or not Activision or Microsoft will address this issue as the former’s lack of care for previous vulnerabilities is readily apparent but this could pose liability and legal issues for the companies given how recent the addition to the Game Pass was. Until it is either addressed or fixed, it is advisable to stay away from the PC version of WW2 on Game Pass and if you decide not to, use anti-exploit software and run regular antivirus scans.

If I am on console will this issue affect me?

No. While security vulnerabilities like the RCE are possible, they are harder to exploit and rarer due to the regularly updated firmware of consoles like Microsoft’s Xbox amd Sony’s PlayStation. This vulnerability specifically exists on Call of Duty: WW2 on Xbox Game Pass for PC.

https://insider-gaming.com/call-of-duty-ww2-rce-exploits-on-pc/