Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks.
AnalysisAI
IObit Advanced SystemCare 19 contains a symlink following vulnerability in the ASC.exe Service component that allows local authenticated attackers to achieve high-impact confidentiality and integrity violations. The vulnerability requires local access and elevated privileges (PR:L) but has high attack complexity (AC:H), making real-world exploitation difficult despite public exploit availability. CVSS 6.4 reflects the local-only attack vector and privilege requirement, though the confidentiality and integrity impacts are rated high.
Technical ContextAI
The vulnerability exploits a symlink following flaw (CWE-61) in IObit Advanced SystemCare's service component (ASC.exe). Symlink following occurs when an application follows symbolic links without proper validation, allowing an attacker to redirect file operations to unintended locations. In this case, a locally privileged user can manipulate symlinks to cause the Service component to read from or write to sensitive files outside the intended directory, potentially disclosing sensitive information or modifying system files. The CVSS 4.0 vector indicates AV:L (local only), AC:H (high complexity), PR:L (low privilege required), and impacts to confidentiality (VC:H) and integrity (VI:H), confirming the symlink attack surface within a privileged process.
RemediationAI
Update IObit Advanced SystemCare to the latest available version beyond 19. If an update is not immediately available, implement strict file system permissions on directories accessed by the ASC.exe Service component to prevent symlink creation by lower-privileged users in those directories. Run the Advanced SystemCare service with minimal required privileges rather than administrative or system-level accounts. Monitor for symbolic links created in service-accessible directories using host-based file integrity monitoring (FIM) or endpoint detection tools. Restrict local administrative access and use of the Advanced SystemCare application to trusted administrators only. Consult the vendor directly (IObit) or check https://vuldb.com/vuln/361111 for official patch releases and detailed mitigation guidance.
More in Advanced Systemcare
View allIOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Cl
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier v
There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Rated medium severity (CVSS 5
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier v
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramD
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier v
Same weakness CWE-61 – UNIX Symbolic Link (Symlink) Following
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27317