ASUS has disclosed a high-severity security vulnerability in its MyASUS utility that could allow local attackers to escalate their privileges to SYSTEM-level access on affected Windows devices.
The flaw, tracked as CVE-2025-59373, carries a high-severity CVSS 4.0 rating of 8.5, indicating a significant risk to millions of ASUS laptop users worldwide.
Vulnerability Overview
The security flaw resides in the ASUS System Control Interface Service, a core component of the MyASUS utility that manages hardware settings and system utilities on ASUS personal computers.
The vulnerability allows attackers with low-level local access to escalate their privileges to SYSTEM level, granting them full control over the affected machine.
| CVE ID | Affected Product | Impact | CVSS 4.0 Score | Exploit Prerequisites |
| --- | --- | --- | --- | --- |
| CVE-2025-59373 | ASUS System Control Interface Service (MyASUS) | Privilege Escalation to SYSTEM | 8.5 (High) | Local access with low privileges |
With SYSTEM-level access, threat actors can execute arbitrary code, install malware, access sensitive data, modify system configurations, and potentially move laterally across enterprise networks.
This makes the vulnerability particularly dangerous in corporate environments where a single compromised endpoint could lead to broader network intrusion.
The vulnerability requires local access to exploit, meaning an attacker must already have some level of access to the target system.
However, the attack complexity is low, no user interaction is required, and only minimal privileges are needed to trigger the exploit.
The potential impact is high for confidentiality, integrity, and availability, though the scope remains unchanged beyond the vulnerable component.
The vulnerability affects all ASUS personal computers running the MyASUS utility, including desktops, laptops, NUC systems, and All-in-One PCs. ASUS has released patched versions to address the issue.
Users should update to the following fixed versions immediately:
ASUS System Control Interface 3.1.48.0 for x64 systems
ASUS System Control Interface 4.2.48.0 for ARM-based devices
To verify the currently installed version, users can navigate to MyASUS, then select Settings and click About to view the version information.
ASUS urges all users to apply the security update as soon as possible. The update can be obtained through Windows Update, which will automatically deliver the patch to eligible systems.
Organizations running ASUS devices across their networks should prioritize deploying this patch given its high severity rating and the potential for privilege-escalation attacks.
Security teams should also monitor systems for any suspicious activity that could indicate exploitation attempts.
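For fleet-wide patch triage against the fixed versions listed above, the following is an added example, not code from ASUS or from the original article. It assumes an inventory export with hypothetical columns `hostname`, `arch` and `asci_version`, hypothetical architecture labels `x64` and `arm64`, and that any version below the fixed one for its architecture still needs the update.

```python
import csv
import io

# Fixed versions as listed in the article, keyed by CPU architecture.
# The labels "x64" and "arm64" are assumed inventory values.
FIXED = {"x64": (3, 1, 48, 0), "arm64": (4, 2, 48, 0)}

# Constructed sample inventory export; hostnames and versions are made up.
SAMPLE_INVENTORY = """hostname,arch,asci_version
lt-0001,x64,3.1.48.0
lt-0002,x64,3.1.9.0
lt-0003,arm64,4.2.47.0
lt-0004,arm64,4.2.48.0
lt-0005,x64,
lt-0006,x64,3.1.100.0
"""


def parse_version(text):
    """Turn '3.1.48.0' into (3, 1, 48, 0); raise ValueError on anything else."""
    parts = tuple(int(p) for p in (text or "").strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four numeric fields, got {text!r}")
    return parts


def classify(arch, version_text):
    """Return 'patched', 'needs-update' or 'unknown' for one host."""
    fixed = FIXED.get((arch or "").strip().lower())
    if fixed is None:
        return "unknown"          # architecture not covered by the advisory
    try:
        installed = parse_version(version_text)
    except ValueError:
        return "unknown"          # missing or malformed version: check by hand
    # Compare as integer tuples. A string comparison would wrongly rank
    # "3.1.9.0" above "3.1.48.0" and "3.1.100.0" below it.
    return "patched" if installed >= fixed else "needs-update"


def triage(csv_text):
    """Map each hostname in the CSV export to its patch status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["hostname"]: classify(r["arch"], r["asci_version"]) for r in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` have no usable version in the export and should be checked through the MyASUS About page described above.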
