Refine your search
2 vulnerabilities found for ASUS Business System Control Interface by ASUS
CVE-2025-15038 (GCVE-0-2025-15038)
Vulnerability from cvelistv5
Published
2026-03-12 02:03
Modified
2026-03-12 14:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
An Out-of-Bounds
Read vulnerability exists in the ASUS Business System
Control Interface driver. This vulnerability can be triggered by an unprivileged local user
sending a specially crafted IOCTL request, potentially leading
to a disclosure of
kernel information or a system crash. Refer to the "Security Update for ASUS
Business System Control Interface" section on the ASUS Security Advisory for more information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ASUS | ASUS Business System Control Interface |
Version: 0 < 0.5.14.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T14:47:20.773357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T14:48:08.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ASUS Business System Control Interface",
"vendor": "ASUS",
"versions": [
{
"lessThan": "0.5.14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:asus_business_system_control_interface:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.5.14.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn Out-of-Bounds\nRead vulnerability exists in the ASUS Business System\nControl Interface driver. This vulnerability can be triggered by an unprivileged local user\nsending a specially crafted IOCTL \u0026nbsp;request, potentially leading\nto a disclosure of\nkernel information or a system crash. Refer to the \"Security Update for ASUS\u0026nbsp;\nBusiness System Control Interface\" section on the ASUS Security Advisory for more information.\u003c/p\u003e"
}
],
"value": "An Out-of-Bounds\nRead vulnerability exists in the ASUS Business System\nControl Interface driver. This vulnerability can be triggered by an unprivileged local user\nsending a specially crafted IOCTL \u00a0request, potentially leading\nto a disclosure of\nkernel information or a system crash. Refer to the \"Security Update for ASUS\u00a0\nBusiness System Control Interface\" section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T02:55:39.399Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"url": "https://www.asus.com/content/security-advisory"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2025-15038",
"datePublished": "2026-03-12T02:03:19.645Z",
"dateReserved": "2025-12-23T06:48:58.144Z",
"dateUpdated": "2026-03-12T14:48:08.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15037 (GCVE-0-2025-15037)
Vulnerability from cvelistv5
Published
2026-03-12 02:00
Modified
2026-03-12 13:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
An Incorrect
Permission Assignment vulnerability exists in the ASUS Business
System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a
specially crafted IOCTL request,
potentially leading to unauthorized access to sensitive hardware resources
and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ASUS | ASUS Business System Control Interface |
Version: 0 < 0.5.14.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15037",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T13:15:48.452586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T13:15:55.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ASUS Business System Control Interface",
"vendor": "ASUS",
"versions": [
{
"lessThan": "0.5.14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:asus_business_system_control_interface:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.5.14.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn Incorrect\nPermission Assignment vulnerability exists in the ASUS Business\nSystem Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a\nspecially crafted IOCTL request,\npotentially leading to unauthorized access to sensitive hardware resources\nand kernel information disclosure. Refer to the \"ASUS Business System Control Interface\" section on the ASUS Security Advisory for more information. \u003c/p\u003e"
}
],
"value": "An Incorrect\nPermission Assignment vulnerability exists in the ASUS Business\nSystem Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a\nspecially crafted IOCTL request,\npotentially leading to unauthorized access to sensitive hardware resources\nand kernel information disclosure. Refer to the \"ASUS Business System Control Interface\" section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T02:00:20.964Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"url": "https://www.asus.com/content/security-advisory/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2025-15037",
"datePublished": "2026-03-12T02:00:20.964Z",
"dateReserved": "2025-12-23T06:48:49.410Z",
"dateUpdated": "2026-03-12T13:15:55.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}