Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local IPC exploitation by an existing low-priv user gives AV:L/PR:L; the path-bypass makes AC:H; the privileged service acting on attacker files crosses a trust boundary (S:C) with full C/I/A impact.
Primary rating from Vendor (ASUS).
CVSS VectorVendor: ASUS
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On specific models , this can also cause a single feature to become unavailable . Refer to the ' Security Update for Aura Wallpaper Service ' section on the ASUS Security Advisory for more information.
AnalysisAI
Arbitrary file operations in ASUS Aura Wallpaper Service allow a low-privileged local user to send crafted commands that carry an attacker-controlled file path, bypassing the service's intended path restrictions and abusing its higher-privileged context. Because the service exposes a communication channel that fails to properly restrict callers or validate file names (CWE-923), a local user can read, write, or manipulate files outside the intended scope, with high impact to confidentiality, integrity, and availability; on certain ASUS models exploitation can also render a single feature unavailable. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires local access to a machine running the ASUS Aura Wallpaper Service with an existing low-privilege account (PR:L) and the ability to reach the service's local IPC/command channel - there is no remote vector (AV:L) and no user interaction (UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are moderately consistent and point to a real but locally-scoped privilege/manipulation issue rather than a mass-exploitable remote flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A low-privileged user (or malware already running in that user's context) on an ASUS machine connects to the Aura Wallpaper Service's local command channel and issues a crafted command embedding an arbitrary file path that escapes the service's intended directory. The service, running with higher privilege, performs the requested file operation at the attacker-chosen location, letting the attacker read protected data or write/overwrite files to escalate privilege or corrupt state. … |
| Remediation | Apply ASUS's update for the Aura Wallpaper Service as described in the 'Security Update for Aura Wallpaper Service' section of the ASUS Security Advisory (https://www.asus.com/security-advisory/); the input does not include an exact fixed version, so treat patch status as 'Patch available per vendor advisory' and confirm the specific build number against the advisory before deploying. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify and inventory all ASUS systems running Aura Wallpaper Service and document the scope of local user access. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44586
GHSA-285c-cc6q-hwff