CVE-2025-59373

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
8.5HIGH
EPSS
0.0%
top 93.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Myasus
Timeline
PublishedNov 25

Description

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more information, please refer to section Security Update for MyASUS in the ASUS Security Advisory.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5asus/myasus< 3.1.48.0

🔴Vulnerability Details

2
CVEList
CVE-2025-59373: A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface2025-11-25
GHSA
GHSA-h2gm-8gg9-5mh6: A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface2025-11-25