CVE-2025-15038 MEDIUM

Vendor Asus
Product ASUS Business System Control Interface
Weakness CWE-125
Published March 12, 2026
Last update March 12, 2026

CVSS base score

6.9/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to a disclosure of kernel information or a system crash. Refer to the "Security Update for ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.

Key dates

02 Disclosure timeline

March 12, 2026 CVE published
March 12, 2026 Record updated