An arbitrary file-write vulnerability in the GIGABYTE Control Center’s pairing feature allows unauthenticated remote attackers to write files to any location on affected systems, potentially leading to code execution, privilege escalation, or denial-of-service. GIGABYTE has released version 25.12.10.01 to address the issue tracked as CVE-2026-4415 and urges users to update from earlier versions while downloading patches only from the vendor’s official portal to avoid trojanized installers. #GIGABYTE_Control_Center #CVE-2026-4415
Keypoints
- The GCC pairing feature in versions 25.07.21.01 and earlier permits unauthenticated arbitrary file writes.
- Successful exploitation can lead to remote code execution, privilege escalation, or denial-of-service.
- The flaw is tracked as CVE-2026-4415 and has a critical CVSS v4.0 score of 9.2/10.
- GIGABYTE released patched Control Center version 25.12.10.01 fixing download path management, message processing, and command encryption.
- Users are advised to upgrade immediately from GIGABYTE’s official software portal to minimize risk of trojanized installers.