GIGABYTE Control Center vulnerable to arbitrary file write flaw

Summary

GIGABYTE Control Center versions 25.07.21.01 and earlier contain a critical arbitrary file-write vulnerability (CVE-2026-4415, CVSS 9.2) when the pairing feature is enabled, allowing unauthenticated remote attackers to write files to any OS location and achieve code execution or privilege escalation. The flaw affects the pre-installed utility on GIGABYTE laptops and motherboards. GIGABYTE recommends immediate upgrade to version 25.12.10.01, which includes fixes for download path management, message processing, and command encryption.

Full text

GIGABYTE Control Center vulnerable to arbitrary file write flaw By Bill Toulas March 31, 2026 06:28 PM 0 The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts. The hardware maker says that successful exploitation could potentially lead to code execution on the underlying system, privilege escalation, and a denial-of-service condition. The GIGABYTE Control Center (GCC), which comes pre-installed on all the company’s laptops and motherboards, is GIGABYTE’s all-in-one Windows utility that lets users manage and configure their hardware. It supports hardware monitoring, fan control, performance tuning, RGB lighting control, driver and firmware updates, and device management. A feature in the Control Center is “pairing,” which allows the tool to communicate with other devices or services over the network. Systems with the 'pairing' option enabled on Control Center versions 25.07.21.01 and earlier are exposed to attacks. “When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation,” warned Taiwan’s CERT. The issue, tracked as CVE-2026-4415, was discovered by security researcher David Sprüngli. Based on the CVSS v4.0 scoring system, the issue has a critical severity rating (9.2 out of 10). Users are recommended to upgrade to the latest version of Control Center, currently 25.12.10.01, which includes fixes for download path management, message processing, and command encryption to effectively mitigate the vulnerability. “Customers are strongly advised to upgrade to the latest GCC version immediately,” the vendor warns in the security bulletin. It is recommended that users of GIGABYTE products download the latest GCC version from the vendor’s official software portal to minimize the risk of receiving trojanized installers. BleepingComputer has contacted both GIGABYTE to learn more about CVE-2026-4415, but we did not receive a response by publishing time. Automated Pentesting Covers Only 1 of 6 Surfaces. Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation. Get Your Copy Now Related Articles: Critical Fortinet Forticlient EMS flaw now exploited in attacksCISA: New Langflow flaw actively exploited to hijack AI workflowsPTC warns of imminent threat from critical Windchill, FlexPLM RCE bugVeeam warns of critical flaws exposing backup servers to RCE attacksCisco fixes critical pre-auth bugs in SD-WAN, cloud license manager

Indicators of Compromise

• cve — CVE-2026-4415