Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via a misconfigured Windows Named Pipe.
The vulnerability, rated 8.8 on the CVSS scale, stems from insecure permissions on a custom protocol pipe exposed by the ACCSvc.exe service.
Acer has released patched versions (4.00.3058+) to address the issue.
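To check whether a host still runs a pre-fix build, the following PowerShell sketch locates the service that launches ACCSvc.exe and compares the binary's version with 4.00.3058. It is an added example, not Acer's tooling; it assumes the file version of ACCSvc.exe tracks the ControlCenter product version, and the function names are hypothetical.

```powershell
# Added example: flag hosts whose ACCSvc.exe predates the fixed release named above.
# Assumption: the file version of ACCSvc.exe tracks the ControlCenter product version.
$FixedVersion = [version]'4.00.3058'

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Win32_Service.PathName may be quoted and may carry arguments.
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

function Get-AccSvcVersion {
    param([string]$BinaryPath)
    $info = (Get-Item -LiteralPath $BinaryPath -ErrorAction Stop).VersionInfo
    # Build the version from the numeric parts; FileVersion strings can carry extra text.
    return [version]::new($info.FileMajorPart, $info.FileMinorPart,
                          $info.FileBuildPart, $info.FilePrivatePart)
}

$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -like '*ACCSvc.exe*' })

if ($services.Count -eq 0) {
    Write-Output "No service on $env:COMPUTERNAME launches ACCSvc.exe."
    return
}

foreach ($svc in $services) {
    $path = Get-ServiceBinaryPath -PathName $svc.PathName
    $found = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $found = Get-AccSvcVersion -BinaryPath $path
    }
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Service     = $svc.Name
        State       = $svc.State      # a running service means the pipe is exposed
        StartMode   = $svc.StartMode
        Path        = $path
        FileVersion = $found
        # $null when the binary could not be read: treat as "needs manual review"
        Patched     = if ($found) { $found -ge $FixedVersion } else { $null }
    }
}
```

A row with `Patched` set to `False` and `State` set to `Running` is the case to prioritise for the update.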
This post is licensed under CC BY 4.0 by the author.