CVE-2025-14252
Unknown Unknown - Not Provided
Improper Access Control in Advantech SUSI Driver Enables Privilege Escalation

Publication date: 2025-12-16

Last updated on: 2025-12-16

Assigner: TXOne

Description
An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI: 5.0.24335 and prior.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-16
Generated
2026-06-16
AI Q&A
2025-12-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14252
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
advantech susi *
advantech susi 5.0.24335
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Improper Access Control flaw in the Advantech SUSI driver (susi.sys) versions 5.0.24335 and earlier. It allows attackers to read and write arbitrary memory, I/O ports, and Model-Specific Registers (MSRs). This means attackers can gain unauthorized access to system resources, potentially leading to privilege escalation, arbitrary code execution, and information disclosure. [1]

Impact Analysis

Exploitation of this vulnerability can result in attackers escalating their privileges on the affected system, executing arbitrary code, and disclosing sensitive information. This can compromise system integrity, confidentiality, and availability, potentially allowing attackers to take full control of the affected device. [1]

Mitigation Strategies

To mitigate this vulnerability, you should update the Advantech SUSI driver (susi.sys) to version 5.0.24336 or later, as this version contains the fix for the issue. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14252. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart