Akamai has mitigated a local privilege escalation vulnerability in Akamai’s Guardicore Platform Agent for Windows. Updated versions containing a fix for this vulnerability have been available to all customers using Guardicore since the beginning of November 2025 and we are strongly encouraging all users to upgrade (if they have not yet done so). The GC-AGENTS-SERVICE running as part of Akamai’s Guardicore Platform Agent on Windows was affected by a local privilege escalation vulnerability. The service attempted to read an OpenSSL configuration file from a nonexistent location that standard Windows users have default write access to.  This allowed an unprivileged local user to create a crafted “openssl.cnf” file in that location and, by specifying the path to a custom DLL file in a custom OpenSSL engine definition, execute arbitrary commands with the privileges of the Guardicore Agent process.  Since Guardicore Agent runs with SYSTEM privileges, this permitted an unprivileged user to fully elevate…