Insufficient Access Control in ASUS AURA SYNC Driver
CVE-2019-25764

7.3HIGH

Key Information:

Vendor

Asus

Status
Vendor
CVE Published:
17 July 2026

What is CVE-2019-25764?

The ASUS AURA SYNC driver contains a flaw that exposes IOCTL with insufficient access control, allowing local users to evade verification mechanisms. This security gap enables attackers to invoke arbitrary IOCTLs, leading to potential privilege escalation on affected systems. For further details and updates regarding legacy drivers, please refer to the official ASUS Security Advisory.

Affected Version(s)

AURA SYNC 0 < 1.07.84

References

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.