CVE-2019-25764
Received Received - Intake

Privilege Escalation via IOCTL in ASUS AURA SYNC Driver

Vulnerability report for CVE-2019-25764, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: ASUS

Description

**UNSUPPORTED WHEN ASSIGNED**Β  Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS DriversΒ ' section on the ASUS Security Advisory for more information.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
asus aura_sync *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-782 The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves an unsupported ASUS AURA SYNC driver with an exposed IOCTL that lacks proper access control. A local user can bypass driver verification to invoke arbitrary IOCTLs, leading to privilege escalation.

Detection Guidance

This vulnerability involves a local privilege escalation via an exposed IOCTL in the ASUS AURA SYNC driver. Detection requires checking for vulnerable driver versions and analyzing system calls. No specific commands are provided in the context. Review ASUS security advisories for legacy driver updates and inspect system logs for unusual IOCTL invocations.

Impact Analysis

A local attacker could exploit this to gain elevated privileges on the system, potentially allowing unauthorized access or control over affected devices running the vulnerable ASUS AURA SYNC driver.

Compliance Impact

This vulnerability allows local privilege escalation due to insufficient access control in the ASUS AURA SYNC driver. While it does not directly impact data protection standards like GDPR or HIPAA, such privilege escalation could potentially lead to unauthorized system access, which may compromise sensitive data handling and storage practices required for compliance.

Mitigation Strategies

Uninstall or update the ASUS AURA SYNC driver to a version that addresses the vulnerability. Refer to ASUS's security advisory for legacy driver updates.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25764. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart