CVE-2025-15037

Low

Low Medium High Critical

CVSS Score

Published: Mar 12, 2026

Last Modified: Mar 12, 2026

Vulnerability Description

An Incorrect
Permission Assignment vulnerability exists in the ASUS Business
System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a
specially crafted IOCTL request,
potentially leading to unauthorized access to sensitive hardware resources
and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.

References & Resources

https://www.asus.com/content/security-advisory/
54bf65a7-a193-42d2-b1ba-8e150d3c35e1

Severity Details

out of 10.0

Low

Weakness Type (CWE)

CWE-732

Incorrect Permission Assignment for Critical Resource

Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Class

View CWE Details on MITRE

Key Information

Published Date: March 12, 2026

External Resources

NIST NVD

National Vulnerability Database

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages