Description
An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information.
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://www.asus.com/content/security-advisory/
Scores
CVSS v4
7.7
EPSS
0.0034
EPSS Percentile
25.6%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-798
Status
published
Products (1)
ASUS/MyASUS
4.0.35.0 and earlier
Published
Jul 21, 2025
Tracked Since
Feb 18, 2026