Akamai has mitigated a local privilege escalation vulnerability in Akamai’s Guardicore Platform Agent for Windows. Updated versions containing a fix for this vulnerability have been available to all customers using Guardicore since the beginning of November 2025 and we are strongly encouraging all users to upgrade (if they have not yet done so).
Vulnerability details
The GC-AGENTS-SERVICE running as part of Akamai’s Guardicore Platform Agent on Windows was affected by a local privilege escalation vulnerability. The service attempted to read an OpenSSL configuration file from a nonexistent location that standard Windows users have default write access to.
This allowed an unprivileged local user to create a crafted “openssl.cnf” file in that location and, by specifying the path to a custom DLL file in a custom OpenSSL engine definition, execute arbitrary commands with the privileges of the Guardicore Agent process.
Since Guardicore Agent runs with SYSTEM privileges, this permitted an unprivileged user to fully elevate privileges to SYSTEM level in this manner.
This attack vector could only be exploited by a user with local access to the workstation or server; it is not remotely exploitable.
The vulnerability has been assigned CVE-2025-53841.
Mitigation
For upgrade instructions and version details, please see our Knowledge Base article or reach out to us via the Akamai Control Center Portal with any questions.
Special thanks
This vulnerability was brought to our attention by Shadi Habbal from TÜV Rheinland i-sec GmbH. Akamai would like to thank Shadi and TÜV Rheinland for their professional cooperation and responsible disclosure.
Tags
