CVE-2025-59373

ASUS System Control Interface and Affected Versions ASUS System Control Interface (affected versions not specified)

Description A local privilege escalation issue exists in the restore mechanism of the ASUS System Control Interface. An unprivileged actor can copy files without proper validation into protected system paths, potentially allowing arbitrary files to be executed with SYSTEM privileges. The vulnerability allows a low-privilege local user to escalate to NT AUTHORITYSYSTEM, granting unrestricted control over the machine. No user interaction is required for exploitation. The vulnerability is related to incorrect permission assignment for a critical resource within the AsusSwitchAgent driver of the ASUS System Control Interface (ASCI).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.