CVE-2025-12793

CWE-4263 documents3 sources
Severity
8.5HIGH
EPSS
0.0%
top 95.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Asus MyasusAsus Asci
Timeline
PublishedJan 6

Description

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the ' Security Update for MyASUS' section on the ASUS Security Advisory for more information.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDasus/myasus< 4.0.52.0+1
CVEListV5asus/asciBefore v1.1.37.0, Before v3.1.49.0, Before v3.2.50.0+2

🔴Vulnerability Details

2
CVEList
CVE-2025-12793: An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent2026-01-06
GHSA
GHSA-qf35-p6j5-89hp: An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent2026-01-06
CVE-2025-12793 (HIGH CVSS 8.5) | An uncontrolled DLL loading path vu | cvebase.io