CVE-2025-2027

ASUS System Analysis - Use After Free

Title source: llm

Description

A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information.

References (1)

[Various Sources] https://www.asus.com/content/asus-product-security-advisory/

Scores

EPSS 0.0011

EPSS Percentile 29.6%

Classification

CWE

CWE-415

Status draft

Timeline

Published Mar 28, 2025

Tracked Since Feb 18, 2026