CVE-2025-13348

CVSS v4.0

8.5

Vector

AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions ASUS Business Manager (affected versions not specified)

Description An improper access control issue exists in the ASUS Secure Delete Driver component of ASUS Business Manager. A local user can exploit this by sending a crafted request, which may allow the creation of arbitrary files in a specified path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2025-13348

Affected Products

Asus Business Manager

CVE-2025-13348

Weakness Enumeration

Related Identifiers

Affected Products

References · 5