PT-2026-24909 · Asus · Asus Business System Control Interface
Published
2026-03-11
·
Updated
2026-03-18
·
CVE-2025-15037
CVSS v4.0
6.8
Medium
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
ASUS Business System Control Interface driver (affected versions not specified)
Description
An Incorrect Permission Assignment issue exists in the ASUS Business System Control Interface driver. This issue can be triggered by a local user without elevated privileges sending a specially crafted IOCTL request. This could lead to unauthorized access to sensitive hardware resources and kernel information disclosure. An IOCTL (Input/Output Control) request is a method used by applications to communicate with device drivers.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
LPE
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asus Business System Control Interface