{"id":8737,"date":"2025-11-26T10:00:48","date_gmt":"2025-11-26T10:00:48","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/11\/26\/asus-myasus-flaw-lets-hackers-escalate-to-system-level-access\/"},"modified":"2025-11-26T10:00:48","modified_gmt":"2025-11-26T10:00:48","slug":"asus-myasus-flaw-lets-hackers-escalate-to-system-level-access","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/11\/26\/asus-myasus-flaw-lets-hackers-escalate-to-system-level-access\/","title":{"rendered":"ASUS MyASUS Flaw Lets Hackers Escalate to SYSTEM-Level Access"},"content":{"rendered":"<p>    ASUS MyASUS Flaw Lets Hackers Escalate to SYSTEM-Level Access<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>ASUS has disclosed a high security vulnerability in its MyASUS application that could allow local attackers to escalate their privileges to SYSTEM-level access on affected <a href=\"https:\/\/cybersecuritynews.com\/threat-actors-leverages-deepseek-r1-popularity\/\" target=\"_blank\" rel=\"noreferrer noopener\">Windows devices<\/a>.<\/p>\n<p>The flaw, tracked as CVE-2025-59373, carries a high-severity CVSS 4.0 score of 8.5, indicating a significant risk to millions of ASUS computer users worldwide.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-vulnerability-overview\"><strong>Vulnerability Overview<\/strong><\/h2>\n<p>The security flaw resides in the ASUS System Control Interface Service, a core component of the MyASUS application that manages hardware settings and system utilities on ASUS personal computers.<\/p>\n<p>The vulnerability enables attackers with low-level local access to escalate their privileges to SYSTEM-level, granting them complete control over the affected machine.<\/p>\n<figure class=\"wp-block-table is-style-stripes\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<td><strong>CVE ID<\/strong><\/td>\n<td><strong>Affected Product<\/strong><\/td>\n<td><strong>Impact<\/strong><\/td>\n<td><strong>CVSS 4.0 Score<\/strong><\/td>\n<td><strong>Exploit Prerequisites<\/strong><\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>CVE-2025-59373<\/td>\n<td>ASUS System Control Interface Service (MyASUS)<\/td>\n<td>Privilege Escalation to SYSTEM<\/td>\n<td>8.5 (High)<\/td>\n<td>Local access with low privileges<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p>With SYSTEM-level access, threat actors can execute arbitrary code, install <a href=\"https:\/\/cybersecuritynews.com\/llms-tools-like-gpt-3-5-turbo-and-gpt-4\/\" target=\"_blank\" rel=\"noreferrer noopener\">malware<\/a>, access sensitive data, modify system configurations, and potentially move laterally across enterprise networks.<\/p>\n<p>This makes the vulnerability particularly dangerous in corporate environments where a single compromised endpoint could lead to broader network intrusion.<\/p>\n<p>The vulnerability requires local access to exploit, meaning an attacker must already have some level of access to the target system.<\/p>\n<p>However, the attack complexity is low, requires no user interaction, and only minimal privileges are needed to trigger the exploit.<\/p>\n<p>The potential impact spans high confidentiality, integrity, and availability concerns, though the scope remains unchanged beyond the vulnerable component.<\/p>\n<p>The vulnerability affects all ASUS personal computers running the MyASUS application, including desktops, <a href=\"https:\/\/cybersecuritynews.com\/dell-laptops-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">laptops<\/a>, NUC systems, and All-in-One PCs. ASUS has released patched versions to address the issue.<\/p>\n<p>Users should update to the following fixed versions immediately:<\/p>\n<ul class=\"wp-block-list\">\n<li>ASUS System Control Interface 3.1.48.0\u00a0for x64 systems<\/li>\n<li>ASUS System Control Interface 4.2.48.0\u00a0for ARM-based devices<\/li>\n<\/ul>\n<p>To verify the current installed version, users can navigate to MyASUS, then select Settings and click About to view the version information.<\/p>\n<p><a href=\"https:\/\/www.asus.com\/security-advisory\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">ASUS<\/a> urges all users to apply the security update as soon as possible. The update can be obtained through Windows Update, which will automatically deliver the patch to eligible systems.<\/p>\n<p>Organizations running ASUS devices across their networks should prioritize deploying this patch given its high severity rating and the potential for privilege-escalation attacks.<\/p>\n<p>Security teams should also monitor systems for any suspicious activity that could indicate exploitation attempts.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 94%,rgb(169,184,195) 100%)\"><strong>Follow us on <a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google News<\/a>, <a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LinkedIn<\/a>, and <a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">X<\/a> for daily cybersecurity updates. <a href=\"https:\/\/cybersecuritynews.com\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Contact us<\/a> to feature your stories.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/asus-myasus-flaw\/\">ASUS MyASUS Flaw Lets Hackers Escalate to SYSTEM-Level Access<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Dhivya<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/asus-myasus-flaw\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ASUS MyASUS Flaw Lets Hackers Escalate to SYSTEM-Level Access ASUS has disclosed a high security vulnerability in its MyASUS application that could allow local attackers to escalate their privileges to SYSTEM-level access on affected Windows devices. The flaw, tracked as CVE-2025-59373, carries a high-severity CVSS 4.0 score of 8.5, indicating a significant risk to millions [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,2024,416,131],"tags":[130],"class_list":["post-8737","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-latest-cybersecurity-news","category-vulnerabilities","category-vulnerability","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8737"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=8737"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8737\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=8737"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=8737"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=8737"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}