CVE-2025-59373 | THREATINT

Description

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more information, please refer to section Security Update for MyASUS in the ASUS Security Advisory.

PUBLISHED Reserved 2025-09-15 | Published 2025-11-25 | Updated 2025-11-25 | Assigner ASUS

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Default status

unaffected

Any version before 3.1.48.0

affected

References

www.asus.com/content/security-advisory/

cve.org (CVE-2025-59373)

nvd.nist.gov (CVE-2025-59373)

Download JSON