Several Call of Duty: WWII players on PC are reporting being hacked mid-game via a Remote Code Execution (RCE) exploit, just days after the title was added to Microsoft’s Game Pass lineup.
The reports suggest that attackers are able to remotely run code on victims’ machines during gameplay, raising serious concerns about the security of the game’s PC version.
The first wave of user complaints emerged on July 2, 2025, just two days after Call of Duty: WWII was made available through Game Pass on PC. Prominent players and streamers have since taken to social media to document incidents where attackers allegedly took control of their systems, ranging from forcibly shutting down PCs to opening up explicit content on secondary monitors. The exploit appears to be linked to WWII's multiplayer functionality, with some players claiming that hackers were able to spoof their Gamertags and disconnect them from online sessions.
Reports were initially amplified by popular streamer BAMS (@Bamslol), who warned followers that the title is “not safe to play” after experiencing a real-time attack. Other users shared similar stories, with one post mentioning that the attacker had triggered Notepad popups and forced a PC restart, while another noted the apparent ease of obtaining players’ IPs due to WWII’s continued reliance on peer-to-peer matchmaking.
Call of Duty: WWII was originally released in 2017 by Sledgehammer Games and published by Activision. It represents one of the franchise's returns to historical settings, featuring World War II-themed single-player and multiplayer gameplay. Its recent addition to Microsoft’s Game Pass library came as part of a broader rollout of legacy Call of Duty titles ahead of the expected 2025 CoD installment.
Security researchers and the gaming community have raised red flags about RCE vulnerabilities in older CoD games for years, particularly those using outdated networking models or insufficient input sanitization. However, it was widely assumed that titles re-released via official platforms like the Microsoft Store would include security patches. Some users noted that other Game Pass versions, like Black Ops III, received security improvements, and WWII was expected to follow suit.
To date, Activision has not issued any public statement addressing the alleged RCE vulnerabilities in WWII. Ten Call of Duty games were briefly taken offline for maintenance earlier today, including WWII, but there’s no confirmation this was in response to the reported hacks. The scope of the issue remains unclear, and there’s no confirmation on whether all affected users were running unmodified versions of the game or if third-party tools could have played a role. None of the victims have indicated use of custom mods or software that could explain the attacks, suggesting the vulnerability may reside in the base game or the Game Pass release itself.
For now, users should exercise extreme caution before launching Call of Duty: WWII on PC, particularly the Game Pass version. Until Activision or Microsoft provides clarity, players are advised to avoid online multiplayer sessions in WWII, disable inbound firewall rules related to the game, and keep an antivirus and endpoint protection software running while playing the game.
Leave a Reply