The arrival of Call of Duty: WW2 to the Xbox Game Pass catalog for PC was big news and excited millions of fans of the series. But that joy was short-lived.
Everything fell apart when a serious security issue was discovered: a vulnerability that hackers were exploiting to break into players' computers and access their personal information.
As a result, Activision and Microsoft had no choice but to temporarily remove the game and shut down the PC servers while they thoroughly investigate what happened.
What happened to Call of Duty: WW2 and why was playing it a risk?
When Call of Duty: WW2 arrived on Xbox Game Pass on June 30, 2025, many fans celebrated it as a great addition to the catalog, both on console and PC. But the excitement quickly turned to concern.
A few hours after launch, reports began to appear on social media and forums such as Reddit: several players noticed strange behavior on their computers when playing the PC version. Something was wrong.
What was discovered was quite serious: the game had a vulnerability known as RCE (Remote Command Execution), one of the most dangerous security flaws that can affect an online environment.
To explain it simply: an RCE allows a hacker to execute commands on your computer as if they were sitting in front of it. That includes everything from opening or deleting files, installing programs, to stealing your data or taking complete control of the system.
Cybersecurity company Cloudflare explains it this way: “The ability to execute code controlled by an attacker can be used to steal information, install malware, or cause damage to the affected system.”
In the case of CoD: WW2, that meant someone could hack into your PC simply by being in the same multiplayer game.
The alert went viral when videos began circulating that clearly showed the problem: in one of them, a player showed how, after being eliminated in a game, his screen went black. Then, his desktop appeared altered and programs opened without him doing anything. Everything indicated that his computer had been remotely controlled.
These types of attacks are not common in such well-known games and, of course, should not go unnoticed. That's why the community reacted quickly, and shortly after, Activision and Microsoft decided to temporarily withdraw the game and shut down its PC servers to investigate what was happening.
Why was this bug in Call of Duty: WW2 so serious?
The RCE exploit issue is not new to the Call of Duty series. It has appeared in other titles, but the fact that it was still present in WW2 and that the game recently arrived on Xbox Game Pass made everything more dangerous and much more visible.
Both security experts and players in the community began to analyze the problem, and everything pointed to how the game handles communication between players in online matches. This way of managing commands left a gap that hackers could exploit quite easily.
The result? Cybercriminals were able to sneak into multiplayer lobbies, inject malicious code, and execute actions directly on the computers of everyone who was connected.
One of the most striking cases was shown by a user who, on July 2, shared a video showing how a hacker, using this exploit, took complete control of a room: changing player names in real time and executing commands on their PCs.
This was no longer just a matter of ruining the game: we are talking about real risks to device security and user privacy.
Read more: Cyberattack on Cosmetics Company in Mexico Exposes User Data
Activision and Microsoft pull the game and shut down servers
As reports piled up and videos of the hacks started circulating all over the internet, concern grew among Game Pass players, especially on PC.
During the first few hours, Activision didn't say anything officially, which made many wonder if they were aware of the problem or just ignoring it. But under pressure from the community and given the severity of the attacks, they took swift action.
On July 5, 2025, the official Call of Duty Updates account announced that the WW2 servers for PC on Game Pass would be shut down. This meant that online play was no longer possible, although the single-player campaign remained available to those who already had the game installed.
But that wasn't all. They also temporarily removed the game from the Game Pass catalog for PC, explaining that they needed to thoroughly investigate the source of the exploit and work on a patch that would ensure the safety of all users before re-enabling it.
For now, millions of players are waiting to find out how big the problem was, how many people were affected, and when the game will be available again with guaranteed security.
In the meantime, Call of Duty: WW2 continues to run normally on Xbox Series X|S, Xbox One, PlayStation 4, and the Steam store for PC. But if you were playing it through Game Pass on PC, you'll have to wait until further notice. There is no official date for its return.