GIGABYTE｜Gigabyte Control Center - Arbitrary File Write

Description

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.

Affected Products

Vendor	Product	Versions
gigabyte	gigabyte control center	0, 25.07.21.01

References

https://www.twcert.org.tw/tw/cp-132-10803-ae014-1.html(third-party-advisory)
https://www.twcert.org.tw/en/cp-139-10804-689cd-2.html(third-party-advisory)

Related News (2 articles)

Tier D

BleepingComputer3h ago

GIGABYTE Control Center vulnerable to arbitrary file write flaw

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-4415 | GIGABYTE Control Center up to 25.07.21.01 path traversal (EUVD-2026-17069)

→ No new info (linked only)

CVSS 3.18.1 NONE

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-23

PublishedMar 30, 2026

Last enriched2h agov3

Community Vote

Version History

Last enriched 2h ago

v3Tier D2h ago

Updated severity to CRITICAL, CVSS score to 9.2, added affected versions 25.07.21.01, and included new patch version 25.12.10.01.

affectedVersionstags

via BleepingComputer

v2Tier C1d ago

Updated severity to CRITICAL, added affected version 25.07.21.01, and included MITRE ATT&CK technique T1006.

affectedVersionsseverityactivelyExploitedmitreAttacktags

via VulDB

v11d ago

Initial creation

GIGABYTE｜Gigabyte Control Center - Arbitrary File Write

Description

Affected Products

References

Related News (2 articles)

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History