A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via a misconfigured Windows Named Pipe.
The vulnerability, rated 8.8 on the CVSS scale, stems from insecure permissions on a custom protocol pipe exposed by the ACCSvc.exe
service.https://gbhackers.com/acer-control-center-flaw/