Recently, players have noticed a security flaw in multiple Paradox Interactive games. The games include Hearts of Iron IV, Europa Universalis IV, Crusader Kings II, and Victoria II.
The discovery was posted on Reddit by u/HappyNTH last week. Paradox Interactive has been alerted of the security flaw and is working on a solution for all of the affected games.
User u/HappyNTH mentioned that they found out about the exploit through senior mod developers in the Hearts of Iron IV community, and personally witnessed the flaw. After seeing the issue, u/HappyNTH reported the problem to Paradox Interactive.
The publisher doesn’t know how long the exploit has been active.
The security flaw primarily affects users who have installed mods. The original post states, “The flaw allows mods to run arbitrary code on your machine, allowing the mod to do almost anything: including, but not limited to, installing a proper virus on your machine.”
The flaw can currently be used by a new workshop upload or as an update to any previously installed mod.
The flaws have been confirmed in Hearts of Iron IV, Europa Universalis IV, Crusader Kings II, and Victoria II but may be present in other titles from Paradox Interactive.
The publisher suggests that users currently using mods not play their games until the patch has been released.
After being aware of the exploit, Paradox Interactive has been hard at work patching the issue. The Head of Communications for Paradox, u/konbendith, updated the Reddit post, stating: “The studio is working on a fix of the issue right now. It is, of course, top priority and will be sorted as soon as possible. To the best of our knowledge, the flaw has been spotted, but not exploited. To be safe though, we recommend not updating or adding new mods until we’ve deployed a fix.”
So far, Patch 3.3.2 was released for Crusader Kings II. The patch was created to fix the security flaw, but also as a test for other updates. If the patch works, then it will be rolled out for Hearts of Iron IV and Europa Universalis IV as soon as possible.
The release date for the patches is unknown, but Paradox Interactive considers resolving the flaws is a priority. Until the patches are confirmed as working, players using mods should not play any of the affected games.