CVE-2025-5491 HIGH

CVE-2025-5491: Acer ControlCenter - Remote Code Execution

Vendor: Acer
Product: ControlCenter
Weakness: CWE-269
Published: June 13, 2025
Last update: June 13, 2025

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Acer ControlCenter contains a Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One such feature enables the execution of arbitrary programs as NT AUTHORITY\SYSTEM. By leveraging this, remote attackers can execute arbitrary code on the target system with elevated privileges.

Key dates

02 Disclosure timeline

June 13, 2025: CVE published
June 13, 2025: Record updated

Related vulnerabilities

04 Related CVE