CVE-2025-59373

HIGH

ASUS System Control Interface - Privilege Escalation

Title source: llm

Description

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more information, please refer to section Security Update for MyASUS in the ASUS Security Advisory.

References (1)

[Various Sources] https://www.asus.com/content/security-advisory/

Scores

CVSS v4 8.5

EPSS 0.0002

EPSS Percentile 3.6%

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-732

Status published

Products (1)

ASUS/MyASUS < 3.1.48.0

Published Nov 25, 2025

Tracked Since Feb 18, 2026