CVE-2025-14252
Improper Access Control in Advantech SUSI Driver Enables Privilege Escalation
Publication date: 2025-12-16
Last updated on: 2025-12-16
Assigner: TXOne
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| advantech | susi | * |
| advantech | susi | 5.0.24335 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Access Control flaw in the Advantech SUSI driver (susi.sys) versions 5.0.24335 and earlier. It allows attackers to read and write arbitrary memory, I/O ports, and Model-Specific Registers (MSRs). This means attackers can gain unauthorized access to system resources, potentially leading to privilege escalation, arbitrary code execution, and information disclosure. [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability can result in attackers escalating their privileges on the affected system, executing arbitrary code, and disclosing sensitive information. This can compromise system integrity, confidentiality, and availability, potentially allowing attackers to take full control of the affected device. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the Advantech SUSI driver (susi.sys) to version 5.0.24336 or later, as this version contains the fix for the issue. [1]