The flaw, tracked as CVE-2025-59373, carries a high-severity CVSS 4.0 score of 8.5, indicating a significant risk to millions of ASUS computer users worldwide.
The security flaw resides in the ASUS System Control Interface Service, a core component of the MyASUS application that manages hardware settings and system utilities on ASUS personal computers.
The vulnerability enables attackers with low-level local access to escalate their privileges to SYSTEM-level, granting them complete control over the affected machine.
| CVE ID | Affected Product | Impact | CVSS 4.0 Score | Exploit Prerequisites |
| CVE-2025-59373 | ASUS System Control Interface Service (MyASUS) | Privilege Escalation to SYSTEM | 8.5 (High) | Local access with low privileges |
With SYSTEM-level access, threat actors can execute arbitrary code, install malware, access sensitive data, modify system configurations, and potentially move laterally across enterprise networks.
This makes the vulnerability particularly dangerous in corporate environments where a single compromised endpoint could lead to broader network intrusion.
The vulnerability requires local access to exploit, meaning an attacker must already have some level of access to the target system.
However, the attack complexity is low, requires no user interaction, and only minimal privileges are needed to trigger the exploit.
The potential impact spans high confidentiality, integrity, and availability concerns, though the scope remains unchanged beyond the vulnerable component.
The vulnerability affects all ASUS personal computers running the MyASUS application, including desktops, laptops, NUC systems, and All-in-One PCs. ASUS has released patched versions to address the issue.
Users should update to the following fixed versions immediately:
To verify the current installed version, users can navigate to MyASUS, then select Settings and click About to view the version information.
ASUS urges all users to apply the security update as soon as possible. The update can be obtained through Windows Update, which will automatically deliver the patch to eligible systems.
Organizations running ASUS devices across their networks should prioritize deploying this patch given its high severity rating and the potential for privilege-escalation attacks.
Security teams should also monitor systems for any suspicious activity that could indicate exploitation attempts.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post ASUS MyASUS Flaw Lets Hackers Escalate to SYSTEM-Level Access appeared first on Cyber Security News.
For all of you Honkai Star Rail superfans, there's a custom PC built just for…
After a chaotic week following the Justice Department's mid-trial settlement with Live Nation-Ticketmaster, the antitrust…
Looking for a powerful ebike with the speed and range to meet your ambitious needs?…
Don't miss this great opportunity to add to your 4K movie collection. Gruv, one of…
Federal Reserve Chair Jerome Powell speaks during a press conference on Dec. 10, 2025 in…
Federal Reserve Chair Jerome Powell speaks during a press conference on Dec. 10, 2025 in…
This website uses cookies.