Description
Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.
Published: 2026-03-30
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via Arbitrary File Write
Action: Immediate Patch
AI Analysis

Impact

Gigabyte Control Center contains an arbitrary file write flaw that allows an unauthenticated remote attacker, when the pairing feature is enabled, to write files to any path on the host operating system. This flaw can be leveraged to place malicious executables or overwrite system files, thereby enabling remote code execution or privilege escalation. The weakness is classified as CWE‑23 (Path Traversal) and CWE‑787 (Out‑of‑Bounds Write).

Affected Systems

The vulnerability affects Gigabyte Control Center, a product of the vendor GIGABYTE. Versions earlier than 25.12.10.01 are impacted.

Risk and Exploitability

The CVSS v4.0 base score of 9.2 indicates critical severity (the CVSS v3.1 score is 8.1), while the EPSS score of less than 1% suggests a low probability of exploitation under current conditions. The vulnerability is not listed in the CISA KEV catalog, implying no publicly known active exploits, but the attack vector is remote and requires no authentication, making it highly attractive for attackers. With the pairing feature exposed, an attacker can likely send crafted requests that write files on the system.

Generated by OpenCVE AI on April 8, 2026 at 20:42 UTC.

Remediation

Vendor Solution

Please update to version 25.12.10.01 or later.


OpenCVE Recommended Actions

  • Update Gigabyte Control Center to version 25.12.10.01 or later.
  • If the update cannot be applied yet, verify that the pairing feature is disabled.
  • Check for additional vendor advisories or patches.


Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:30:00 +0000

Values Removed: none
Values Added:
  • First Time appeared: Gigabyte control Center
  • Weaknesses: CWE-787
  • CPEs: cpe:2.3:a:gigabyte:control_center:*:*:*:*:*:*:*:*
  • Vendors & Products: Gigabyte control Center

Fri, 03 Apr 2026 10:15:00 +0000

Values Removed: none
Values Added:
  • First Time appeared: Gigabyte; Gigabyte gigabyte Control Center
  • Vendors & Products: Gigabyte; Gigabyte gigabyte Control Center

Mon, 30 Mar 2026 15:15:00 +0000

Values Removed: none
Values Added:
  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 30 Mar 2026 08:15:00 +0000

Values Removed: none
Values Added:
  • Description: Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.
  • Title: GIGABYTE|Gigabyte Control Center - Arbitrary File Write
  • Weaknesses: CWE-23
  • References:
  • Metrics: cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}
  • Metrics: cvssV4_0 {'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-03-31T03:55:38.063Z

Reserved: 2026-03-19T02:53:07.470Z

Link: CVE-2026-4415

Vulnrichment

Updated: 2026-03-30T15:04:04.912Z

NVD

Status: Analyzed

Published: 2026-03-30T08:16:18.107

Modified: 2026-04-08T19:25:28.977

Link: CVE-2026-4415

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:29:29Z

Weaknesses