CVE-2025-15037
MEDIUM
ASUS Business System Control Interface - Privilege Escalation
Title source: llm
Description
An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.
References (1)
https://www.asus.com/content/security-advisory/
Scores
CVSS v4: 6.8
CVSS v4 vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0010
EPSS Percentile: 1.0%
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-732
Status: published
Products (1)
ASUS/ASUS Business System Control Interface: < 0.5.14.0
Published: Mar 12, 2026
Tracked Since: Mar 12, 2026