Uncontrolled DLL Loading Path Vulnerability in Asus Software Manager Agent
CVE-2025-12793

8.5HIGH

Key Information:

Vendor

Asus
Status
Asci
Vendor
CVE Published:
6 January 2026

What is CVE-2025-12793?

A vulnerability in the Asus Software Manager Agent allows a local attacker to manipulate the application's DLL loading process. By influencing the application to load a DLL from a location controlled by the attacker, it could lead to arbitrary code execution. This poses significant risks for system integrity and user data. Users are encouraged to review the relevant security advisories for updates and mitigation strategies.

Affected Version(s)

ASCI 64 bit Before v3.1.49.0

ASCI 64 bit Before v1.1.37.0

ASCI ARM Before v3.2.50.0

References

https://www.asus.com/security-advisory
vendor-advisory

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Daniel Rhea
.