Incorrect Permission Assignment in ASUS Business System Control Interface Driver
CVE-2025-15037

6.8MEDIUM

Key Information:

Vendor

Asus
Status
Asus Business System Control Interface
Vendor
CVE Published:
12 March 2026

What is CVE-2025-15037?

An Incorrect Permission Assignment vulnerability in the ASUS Business System Control Interface driver allows unprivileged local users to send specially crafted IOCTL requests. This could potentially lead to unauthorized access to sensitive hardware resources and disclose critical kernel information, posing a significant risk to system integrity and security. For further details, refer to the ASUS Security Advisory.

Affected Version(s)

ASUS Business System Control Interface 0 < 0.5.14.0

References

https://www.asus.com/content/security-advisory/

CVSS V4

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.