Asus Myasus vulnerabilities

5 known vulnerabilities affecting asus/myasus.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-12793HIGHCVSS 8.5fixed in 4.0.52.0fixed in 4.2.50.02026-01-06
CVE-2025-12793 [HIGH] CWE-426 CVE-2025-12793: An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the ' Security Update for MyASUS' section on the ASUS Security Advisory for more information.
nvd
CVE-2025-59373HIGHCVSS 8.5fixed in 3.1.48.02025-11-25
CVE-2025-59373 [HIGH] CWE-732 CVE-2025-59373: A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Contr A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more information, please refer to section Security Update
cvelistv5nvd
CVE-2025-4569HIGHCVSS 7.7v4.0.35.0 and earlier2025-07-21
CVE-2025-4569 [HIGH] CWE-798 CVE-2025-4569: An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information.
cvelistv5nvd
CVE-2025-4570MEDIUMCVSS 6.9v4.0.35.0 and earlier2025-07-21
CVE-2025-4570 [MEDIUM] CWE-798 CVE-2025-4570: An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information.
cvelistv5nvd
CVE-2022-22814CRITICALCVSS 9.8fixed in 3.1.2.02022-03-10
CVE-2022-22814 [CRITICAL] CVE-2022-22814: The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation. The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation.
nvd