【Vulnerability Alert】Acer ControlCenter Remote Code Execution Vulnerability

• Subject: 【Vulnerability Alert】Acer ControlCenter Remote Code Execution Vulnerability

• Content:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202506-00000009
  • 【Acer ControlCenter - Remote Code Execution】(CVE-2025-5491, CVSS: 8.8) Acer ControlCenter has a Remote Code Execution vulnerability. The program provides functionality through a custom Windows Named Pipe. However, this Named Pipe is improperly configured, allowing remote users with low privileges to interact with it and access related functions. One of these functions allows arbitrary programs to be executed as NT AUTHORITY/SYSTEM, enabling an attacker to execute arbitrary code with elevated privileges on the target system.

• Affected Platforms:
  • ControlCenter versions 4.00.3000 to 4.00.3056

• Suggested Measures:
  • Update to version 4.00.3058 (inclusive) or later

• References:
  • https://www.twcert.org.tw/tw/cp-132-10180-36818-1.html

Computer and Communications Center
Network Systems Division, Sincerely