- Description
- Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One such feature enables the execution of arbitrary programs as NT AUTHORITY/SYSTEM. By leveraging this, remote attackers can execute arbitrary code on the target system with elevated privileges.
- Source
- twcert@cert.org.tw
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- twcert@cert.org.tw
- CWE-269
- Hype score
- Not currently trending
⚠️Vulnerabilidad corregida en productos Acer ❗CVE-2025-5491 ➡️Más info: https://t.co/sMsamMUXlN https://t.co/70ao7rPKeQ
@CERTpy
23 Jun 2025
185 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Acer Control Center vulnerability (CVE-2025-5491) allows remote attackers to run malicious code as SYSTEM via misconfigured Windows Named Pipes. Patches (4.00.3058+) fix this. Keep systems updated! 🚨 #Security #Acer #USA https://t.co/mPe2tnJXZi
@TweetThreatNews
13 Jun 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5491 Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. Howe… https://t.co/4gBmZIVWmu
@CVEnew
13 Jun 2025
360 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-5491: HIGH] Acer ControlCenter has a Remote Code Execution vulnerability due to a misconfigured Windows Named Pipe, allowing remote users to execute code on the system with elevated privileges.#cve,CVE-2025-5491,#cybersecurity https://t.co/3mQQVeRyIy https://t.co/3QmKCL
@CveFindCom
13 Jun 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes