CVE-2025-15037

MEDIUM EPSS 1.0%

Published Mar 12, 20263mo ago · Modified Mar 12, 20263mo ago

6.8 CVSS 4.0

Medium

Published Mar 12, 2026 3mo ago

Last Modified Mar 12, 2026 3mo ago

Description

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.

CVSS Details

Base Score

6.8

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

1.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-732

References 1

asus.com https://www.asus.com/content/security-advisory/

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.