Akamai acquires LayerX, delivering end-to-end security and real-time AI usage control to any browser. Get details

CVE-2025-53841: Guardicore Local Privilege Escalation Vulnerability

Akamai Wave Blue

Dec 09, 2025

Akamai InfoSec

Akamai Wave Blue

Written by

Akamai InfoSec

Share

Akamai has mitigated a local privilege escalation vulnerability in Akamai’s Guardicore Platform Agent for Windows. Updated versions containing a fix for this vulnerability have been available to all customers using Guardicore since the beginning of November 2025 and we are strongly encouraging all users to upgrade (if they have not yet done so).

Vulnerability details

The GC-AGENTS-SERVICE running as part of Akamai’s Guardicore Platform Agent on Windows was affected by a local privilege escalation vulnerability. The service attempted to read an OpenSSL configuration file from a nonexistent location that standard Windows users have default write access to. 

This allowed an unprivileged local user to create a crafted “openssl.cnf” file in that location and, by specifying the path to a custom DLL file in a custom OpenSSL engine definition, execute arbitrary commands with the privileges of the Guardicore Agent process. 

Since Guardicore Agent runs with SYSTEM privileges, this permitted an unprivileged user to fully elevate privileges to SYSTEM level in this manner.

This attack vector could only be exploited by a user with local access to the workstation or server; it is not remotely exploitable.

The vulnerability has been assigned CVE-2025-53841.

Mitigation

For upgrade instructions and version details, please see our Knowledge Base article or reach out to us via the Akamai Control Center Portal with any questions.

Special thanks

This vulnerability was brought to our attention by Shadi Habbal from TÜV Rheinland i-sec GmbH. Akamai would like to thank Shadi and TÜV Rheinland for their professional cooperation and responsible disclosure.

Akamai Wave Blue

Dec 09, 2025

Akamai InfoSec

Akamai Wave Blue

Written by

Akamai InfoSec

Tags

Share

Related Blog Posts

Security
Podcast: Boardroom Conversations Shift to Surviving a Breach
July 14, 2026
Akamai’s Mani Sundaram discusses the rise of AI-powered microsegmentation and breach survivability — and what new questions boards are asking CISOs today.
Security
Beyond Cloud Uptime: API Security and AI Resilience for 2026
Discover why pure cloud uptime is no longer enough in 2026. Learn how to protect your enterprise against surging API attacks and machine identity sprawl.
Security
Adaptive AI for Detecting Modern DGA Attacks
Learn how a hybrid CNN-BiLSTM-Attention framework improves real-time DGA detection, reduces alert fatigue, and adapts to evolving malware variants.