CVE-2025-13348 HIGH

CVE-2025-13348

Vendor Asus

Product ASUS Business Manager

Weakness CWE-862 · Missing authorization

Published February 2, 2026

Last update February 2, 2026

View on NVD All CVEs

CVSS base score

8.5/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update for ASUS Business Manager" section on the ASUS Security Advisory for more information.

Key dates

02Disclosure timeline

February 2, 2026 CVE published

February 2, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-13348

Related vulnerabilities

04Related CVE

CVE-2026-5502 Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order CVE-2025-31415 WordPress YayExtra <= 1.5.2 - Broken Access Control Vulnerability CVE-2024-1389 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return CVE-2025-43008 Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal CVE-2024-4223 Tutor LMS <= 2.7.0 - Missing Authorization