CVE-2025-2027

MEDIUM

ASUS System Analysis - Use After Free

Title source: llm

Description

A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information.

References (1)

[Various Sources] https://www.asus.com/content/asus-product-security-advisory/

Scores

CVSS v4 5.9

EPSS 0.0011

EPSS Percentile 29.3%

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-415

Status published

Products (3)

ASUS/ASCI before 1.1.32.0

ASUS/ASCI before 3.1.43.0

ASUS/ASCI before 3.2.44.0

Published Mar 28, 2025

Tracked Since Feb 18, 2026