CVE-2025-15037

2026-03-12 54bf65a7-a193-42d2-b1ba-8e150d3c35e1

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 19:57 vuln.today
CVE Published
Mar 12, 2026 - 03:15 nvd
N/A

Tags

Linux RCE Information Disclosure

Description

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.

Analysis

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver.

Technical Context

Classified as CWE-732 (Incorrect Permission Assignment for Critical Resource). An Incorrect

Permission Assignment vulnerability exists in the ASUS Business

System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a

specially crafted IOCTL request,

potentially leading to unauthorized access to sensitive hardware resources

and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.

Affected Products

Component: ASUS Business System Control.

Remediation

Monitor vendor advisories for a patch.

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0

Share

CVE-2025-15037 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy