CVE-2025-15037 MEDIUM

CVE-2025-15037

Vendor Asus
Product ASUS Business System Control Interface
Weakness CWE-732
Published March 12, 2026
Last update March 12, 2026

CVSS base score

6.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.

Key dates

02Disclosure timeline

March 12, 2026 CVE published
March 12, 2026 Record updated