
[CIVN-2025-0344] Privilege Escalation Vulnerability in ASUS System Control Interface
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Component Affected
ASUS System Control Interface 3.1.48.0 (x64)
ASUS System Control Interface 4.2.48.0 (ARM)
Overview
A vulnerability has been reported in ASUS System Control that could be exploited by an attacker with low-level access to the system to elevate their privileges to SYSTEM (the highest level of access in Windows), essentially taking full control of the affected device.
Target Audience:
Network and Security Administrators, IT Operations and System Engineers, Enterprise Architects and CIOs/CTOs, Managed Service Providers (MSPs).
Risk Assessment:
There is a high risk to confidentiality, operations, integrity, and availability.
Impact Assessment:
There is a high risk to confidentiality, integrity, and availability.
Description
The ASUS System Control Interface (ASCI) is a key system component, typically implemented as a Windows service driver on ASUS laptops and desktops. It acts as a bridge between the operating system and the hardware-level functions managed by ASUS software, enabling features such as device-specific controls, performance tuning, and system monitoring.
A vulnerability exists in the restore mechanism of ASUS System Control Interface due to insufficient validation.
Successful exploitation of this vulnerability could allow an unprivileged user to copy files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM.
Solution
Apply appropriate software updates as mentioned by the vendor:
https://www.asus.com/security-advisory
Vendor Information
ASUS
https://www.asus.com/security-advisory
References
https://www.asus.com/security-advisory
CVE Name
CVE-2025-59373
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


