CVE-2025-4569 HIGH

CVE-2025-4569

Vendor Asus
Product MyASUS
Weakness CWE-798 · Hardcoded credentials
Published July 21, 2025
Last update July 22, 2025

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

What the vulnerability does

01Description

An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information.

Key dates

02Disclosure timeline

July 21, 2025 CVE published
July 22, 2025 Record updated