CVE-2025-2027

CWE-4153 documents3 sources
Severity
5.9MEDIUM
EPSS
0.1%
top 70.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Asci
Timeline
PublishedMar 28

Description

A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5asus/ascibefore 1.1.32.0, before 3.1.43.0, before 3.2.44.0+2

🔴Vulnerability Details

2
GHSA
GHSA-q92g-r34h-wrx3: A double free vulnerability has been identified in the ASUS System Analysis service2025-03-28
CVEList
CVE-2025-2027: A double free vulnerability has been identified in the ASUS System Analysis service2025-03-28
CVE-2025-2027 (MEDIUM CVSS 5.9) | A double free vulnerability has bee | cvebase.io