8.5
CVE-2025-59373
- EPSS 0.02%
- Veröffentlicht 25.11.2025 02:15:44
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle 54bf65a7-a193-42d2-b1ba-8e150d
- CVE-Watchlists
- Unerledigt
A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more information, please refer to section Security Update for MyASUS in the ASUS Security Advisory.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerASUS
≫
Produkt
MyASUS
Default Statusunaffected
Version
0
Version <
3.1.48.0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.04 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 54bf65a7-a193-42d2-b1ba-8e150d3c35e1 | 8.5 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.