Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.8
ASUS Business System Control Interface: Unprivileged User Access to Sensitive Hardware
CVE-2025-15037
Summary
The ASUS Business System Control Interface driver allows an unprivileged local user to potentially access sensitive hardware resources and kernel information. This could lead to unauthorized control over system settings or even data theft. Users should update the driver to the latest version to fix this issue.
Original title
An Incorrect
Permission Assignment vulnerability exists in the ASUS Business
System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a
specially c...
Original description
An Incorrect
Permission Assignment vulnerability exists in the ASUS Business
System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a
specially crafted IOCTL request,
potentially leading to unauthorized access to sensitive hardware resources
and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.
Permission Assignment vulnerability exists in the ASUS Business
System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a
specially crafted IOCTL request,
potentially leading to unauthorized access to sensitive hardware resources
and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.
nvd CVSS4.0
6.8
Vulnerability type
CWE-732
Incorrect Permission Assignment for Critical Resource
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026