CVE-2025-2027 MEDIUM

CVE-2025-2027

Vendor Asus
Product ASCI
Weakness CWE-415
Published March 28, 2025
Last update March 28, 2025

CVSS base score

5.9/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information.

Key dates

02Disclosure timeline

March 28, 2025 CVE published
March 28, 2025 Record updated