CSRF Vulnerability in ASUS Router Web Management Interface
CVE-2025-15101

8.5HIGH

Key Information:

Vendor: Asus
Status: Router
Vendor: CVE Published:; 26 March 2026

What is CVE-2025-15101?

A Cross-Site Request Forgery (CSRF) vulnerability in the web management interface of certain ASUS router models allows malicious actors to perform unauthorized actions utilizing the privileges of an authenticated user. This flaw could lead to the execution of system commands through unintended channels, posing significant risks to device security and user data. Users are urged to review the ASUS Security Advisory for guidance on protective measures and firmware updates.

Affected Version(s)

Router 3.0.0.6_102

References

https://www.asus.com/security-advisory/

vendor-advisory

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2026
Vulnerability Reserved
Dec 26, 2025

Credit

Per Idenfeldt Okuyama at CYLOQ

CVE-2025-15101 Data

JSON

Asus

What is CVE-2025-15101?

Affected Version(s)

References

CVSS V4

Timeline

Credit