CVE-2025-15037

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.

CVSS

No CVSS.

References

Link	Resource
https://www.asus.com/content/security-advisory/

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-12 03:15

Updated : 2026-03-12 21:07

NVD link : CVE-2025-15037

Mitre link : CVE-2025-15037

CVE.ORG link : CVE-2025-15037

JSON object : View

Products Affected

No product.

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2025-15037", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-12T03:15:56.353", "references": [{"url": "https://www.asus.com/content/security-advisory/", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "An Incorrect\nPermission Assignment vulnerability exists in the ASUS Business\nSystem Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a\nspecially crafted IOCTL request,\npotentially leading to unauthorized access to sensitive hardware resources\nand kernel information disclosure. Refer to the \"ASUS Business System Control Interface\" section on the ASUS Security Advisory for more information."}, {"lang": "es", "value": "Una vulnerabilidad de asignaci\u00f3n de permisos incorrecta existe en el controlador ASUS Business System Control Interface. Esta vulnerabilidad puede ser activada por un usuario local sin privilegios enviando una solicitud IOCTL especialmente dise\u00f1ada, lo que podr\u00eda llevar a acceso no autorizado a recursos de hardware sensibles y revelaci\u00f3n de informaci\u00f3n del kernel. Consulte la secci\u00f3n 'ASUS Business System Control Interface' en el Aviso de Seguridad de ASUS para m\u00e1s informaci\u00f3n."}], "lastModified": "2026-03-12T21:07:53.427", "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}

CVE-2025-15037

JSON object

Attach tags to CVE-2025-15037

Attach tags to `CVE-2025-15037`