  • GIGABYTE Control Center vulnerable to arbitrary file write flaw


    Karlston

    • 230 views
    • 2 minutes

    The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts.

     

    The hardware maker says that successful exploitation could potentially lead to code execution on the underlying system, privilege escalation, and a denial-of-service condition.

     

    The GIGABYTE Control Center (GCC), which comes pre-installed on all the company’s laptops and motherboards, is GIGABYTE’s all-in-one Windows utility that lets users manage and configure their hardware.

     

    It supports hardware monitoring, fan control, performance tuning, RGB lighting control, driver and firmware updates, and device management.

     

    The Control Center includes a “pairing” feature, which allows the tool to communicate with other devices or services over the network. Systems running Control Center versions 25.07.21.01 and earlier with the pairing option enabled are exposed to attacks.

     

    “When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation,” warned Taiwan’s CERT.

     

    The issue, tracked as CVE-2026-4415, was discovered by SilentGrid security researcher David Sprüngli. Based on the CVSS v4.0 scoring system, the issue has a critical severity rating (9.2 out of 10).

     

    Users are advised to upgrade to the latest version of Control Center, currently 25.12.10.01, which includes fixes for download path management, message processing, and command encryption to effectively mitigate the vulnerability.

     

    “Customers are strongly advised to upgrade to the latest GCC version immediately,” the vendor warns in the security bulletin.

     

    It is recommended that users of GIGABYTE products download the latest GCC version from the vendor’s official software portal to minimize the risk of receiving trojanized installers.

     

    BleepingComputer has contacted both GIGABYTE and SilentGrid to learn more about CVE-2026-4415, but we did not receive a response by publishing time.

     

    Source


    Hope you enjoyed this news post. Feedback welcome.

    Posted Wednesday 1 April 2026 at 12:06 pm AEST (my time).

    News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of March) 1,297

    RIP Matrix
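
The version boundaries reported above can be applied to a fleet inventory. The following is an added example, not code from the article, GIGABYTE or SilentGrid. The CSV columns, hostnames and verdict names are constructed for illustration, and it assumes GCC version fields compare numerically from left to right.

```python
"""Triage constructed inventory rows for CVE-2026-4415 exposure (added example)."""
import csv
import io

LAST_AFFECTED = (25, 7, 21, 1)   # "25.07.21.01 and earlier" per the article
FIXED = (25, 12, 10, 1)          # "25.12.10.01" per the article

# Constructed sample inventory; hostnames, columns and values are illustrative.
SAMPLE_INVENTORY = """host,gcc_version,pairing
ws-001,25.07.21.01,enabled
ws-002,25.12.10.01,enabled
ws-003,24.11.05.02,disabled
ws-004,25.09.15.01,enabled
ws-005,25.7.3.1,
ws-006,unknown,enabled
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not N.N.N.N."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)  # numeric compare, so "07" == "7"

def classify(version_text, pairing):
    """Map one inventory row to a triage verdict (verdict names are assumptions)."""
    version = parse_version(version_text)
    if version is None:
        return "CHECK_MANUALLY"
    if version >= FIXED:
        return "PATCHED"
    if version > LAST_AFFECTED:
        # Between the two published versions: the article does not state status.
        return "UPGRADE_STATUS_UNSTATED"
    # Affected version: exposure depends on pairing; unknown is treated as enabled.
    if pairing.strip().lower() == "disabled":
        return "UPGRADE_PAIRING_OFF"
    return "EXPOSED_UPGRADE_NOW"

def triage(inventory_csv):
    """Return {host: verdict} for every row in the CSV text."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["gcc_version"], r["pairing"] or "") for r in rows}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

Hosts with a missing pairing value are counted as exposed, so an incomplete inventory errs toward upgrading rather than toward a false all-clear.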

