CVE-2025-15037

MEDIUM

ASUS Business System Control Interface - Privilege Escalation

Title source: llm

Description

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.

References (1)

[Various Sources] https://www.asus.com/content/security-advisory/

Scores

CVSS v4 6.8

EPSS 0.0002

EPSS Percentile 5.5%

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Details

CWE

CWE-732

Status published

Products (1)

ASUS/ASUS Business System Control Interface < 0.5.14.0

Published Mar 12, 2026

Tracked Since Mar 12, 2026