The Akamai Guardicore Platform Agent is a lightweight software component installed on servers and endpoints that enables microsegmentation, network visibility, and security policy enforcement as part of the Akamai Guardicore Segmentation platform.
During the security hardening assessment of a client’s Windows server, I identified a privilege escalation vulnerability in the product. This flaw enables local attackers to elevate their privileges to SYSTEM level.
The Akamai information security team was informed about this vulnerability, and collaboration ensured its responsible disclosure. A patch has been released for all supported versions as of 31.08.2025, and Akamai customers are strongly encouraged to update their systems promptly. Further information can be obtained here.
The vulnerability has been assigned CVE-2025-53841 and has a severity of 7.8 (high) (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
To provide Akamai’s customers with sufficient time to patch their systems, I will refrain from disclosing technical details about the vulnerability at this time.
Disclosure Timeline
| 24.06.2025 | Initial notification per email |
| 27.06.2025 | Technical details shared with Akamai |
| 01.07.2025 | Akamai confirms the vulnerability |
| 31.08.2025 | Akamai rolls out a fix for all supported versions |
| 08.09.2025 | This (limited) public disclosure |
