Acer has released a critical security update addressing a newly disclosed local privilege escalation vulnerability in its ControlCenter utility that could allow remote, unauthenticated attackers to execute code as NT AUTHORITY\SYSTEM, the highest level of privilege on Windows.
Tracked as CVE-2025-5491, this flaw carries a CVSS score of 8.8 (High) and affects ControlCenter versions 4.00.3000 to 4.00.3056.
"This process exposes a Windows Named Pipe using a custom protocol to invoke functions within the service. The aforementioned Named Pipe is misconfigured such that remote, unauthenticated users may interact with it," the advisory explains.
At the heart of the issue is ACCSvc.exe, a background service installed with Acer ControlCenter that runs as NT AUTHORITY\SYSTEM. This process exposes a Windows Named Pipe (an inter-process communication mechanism) using a custom protocol that allows users to invoke service functions.
Unfortunately, this pipe is misconfigured to allow remote access without authentication, giving attackers an open door to abuse one of the service's more dangerous features:
"One feature of the service is to invoke arbitrary executables as NT AUTHORITY\SYSTEM. Using this, remote attackers are able to run arbitrary code on remote hosts in a privileged context," Acer confirmed.
Acer has released a patched version: 4.00.3058, which remediates the misconfiguration and tightens control over the Named Pipe feature set.
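As an added illustration of the underlying weakness (this is not Acer's code and not the ACCSvc.exe protocol), the following Windows PowerShell 5.1 script reads a named pipe's DACL and reports Allow entries that give Everyone, ANONYMOUS LOGON, NETWORK or ordinary users write access, and builds the kind of restrictive DACL a SYSTEM service should apply to its own pipe. The pipe name is a placeholder parameter, since the advisory does not name the pipe; the script assumes the pipe is currently listening.

```powershell
# Added example, not Acer's code. Assumes Windows PowerShell 5.1 (.NET Framework).
$RiskyPrincipals = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'ANONYMOUS LOGON'
    'S-1-5-2'      = 'NETWORK'              # any remote (SMB/IPC$) client
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'Users'
}

function Get-NamedPipeRiskyAces {
    param(
        [Parameter(Mandatory)][string]$PipeName,   # placeholder: advisory gives no name
        [int]$TimeoutMs = 500
    )
    Add-Type -AssemblyName System.Core
    # Open with READ_CONTROL only, and with anonymous impersonation level so the
    # server cannot impersonate the auditing account while we read the DACL.
    $client = New-Object System.IO.Pipes.NamedPipeClientStream(
        '.', $PipeName,
        [System.IO.Pipes.PipeAccessRights]::ReadPermissions,
        [System.IO.Pipes.PipeOptions]::None,
        [System.Security.Principal.TokenImpersonationLevel]::Anonymous,
        [System.IO.HandleInheritability]::None)
    try {
        $client.Connect($TimeoutMs)
        $rules = $client.GetAccessControl().GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
    } finally { $client.Dispose() }

    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        $canWrite = ([int]($rule.PipeAccessRights -band [System.IO.Pipes.PipeAccessRights]::WriteData)) -ne 0
        # A broad principal that may write to the pipe can drive the service's protocol.
        if ($rule.AccessControlType -eq 'Allow' -and $RiskyPrincipals.ContainsKey($sid) -and $canWrite) {
            [pscustomobject]@{ Pipe = $PipeName; Principal = $RiskyPrincipals[$sid]; Rights = $rule.PipeAccessRights }
        }
    }
}

# Hardened DACL for a SYSTEM service's pipe: allow only SYSTEM and Administrators,
# and explicitly deny the NETWORK logon group so remote clients are refused.
function New-HardenedPipeSecurity {
    $ps = New-Object System.IO.Pipes.PipeSecurity
    foreach ($sid in 'S-1-5-18', 'S-1-5-32-544') {
        $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $ps.AddAccessRule((New-Object System.IO.Pipes.PipeAccessRule($id, 'FullControl', 'Allow')))
    }
    $net = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-2')
    $ps.AddAccessRule((New-Object System.IO.Pipes.PipeAccessRule($net, 'FullControl', 'Deny')))
    return $ps
}

Get-NamedPipeRiskyAces -PipeName 'EXAMPLE_PIPE_NAME' | Format-Table -AutoSize
```

The audit opens a client handle to the pipe, which wakes the server's connection handler, so run it only against services you administer; an empty result means no broad principal holds write access on that pipe instance.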
Acer has released a new version of Acer Control Center to address this concern. You can find the latest version on our Drivers and Manuals site.