CVE-2025-15037
Incorrect Permission Assignment in ASUS BSCI Driver Enables Unauthorized Access
Publication date: 2026-03-12
Last updated on: 2026-03-12
Assigner: ASUS
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| asus | business_system_control_interface | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
How can this vulnerability impact me? :
The impact of this vulnerability includes potential unauthorized access to sensitive hardware resources and kernel information disclosure. This means an attacker with limited privileges on the system could gain access to critical system components or sensitive data that should normally be protected.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
This vulnerability is an Incorrect Permission Assignment in the ASUS Business System Control Interface driver. It can be exploited by an unprivileged local user who sends a specially crafted IOCTL request. This may lead to unauthorized access to sensitive hardware resources and disclosure of kernel information.