CVE-2025-15037 | THREATINT

Description

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.

PUBLISHED Reserved 2025-12-23 | Published 2026-03-12 | Updated 2026-03-12 | Assigner ASUS

MEDIUM: 6.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Default status

unaffected

Any version before 0.5.14.0

affected

References

www.asus.com/content/security-advisory/

cve.org (CVE-2025-15037)

nvd.nist.gov (CVE-2025-15037)

Download JSON