Description
An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information.
Scores
CVSS v4
7.7
EPSS
0.0008
EPSS Percentile
23.8%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-798
Status
published
Products (1)
ASUS/MyASUS
4.0.35.0 and earlier
Published
Jul 21, 2025
Tracked Since
Feb 18, 2026