Remote Code Execution Vulnerability in Acer ControlCenter
CVE-2025-5491

8.7HIGH

Key Information:

Vendor

Acer

Status
Controlcenter
Vendor
CVE Published:
13 June 2025

What is CVE-2025-5491?

A vulnerability in Acer ControlCenter allows remote attackers to exploit misconfigured Windows Named Pipe permissions. This misconfiguration permits low-privilege users to access internal functionalities, including the execution of arbitrary programs with elevated NT AUTHORITY/SYSTEM privileges. Consequently, exploiting this vulnerability could enable malicious actors to execute arbitrary code on the affected system, compromising its security and integrity.

Affected Version(s)

ControlCenter 4.00.3000 <= 4.00.3056

References

https://www.twcert.org.tw/tw/cp-132-10180-36818-1.html
third-party-advisory
https://www.twcert.org.tw/en/cp-139-10181-933ae-2.html
third-party-advisory
https://community.acer.com/en/kb/articles/18243-misconfig...
vendor-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Orange Cyberdefense
.
CVE-2025-5491 : Remote Code Execution Vulnerability in Acer ControlCenter