ASUS has disclosed a high security vulnerability in its MyASUS application that could allow local attackers to escalate their privileges to SYSTEM-level access on affected Windows devices.
The flaw, tracked as CVE-2025-59373, carries a high-severity CVSS 4.0 score of 8.5, indicating a significant risk to millions of ASUS computer users worldwide.
Vulnerability Overview
The security flaw resides in the ASUS System Control Interface Service, a core component of the MyASUS application that manages hardware settings and system utilities on ASUS personal computers.
The vulnerability enables attackers with low-level local access to escalate their privileges to SYSTEM-level, granting them complete control over the affected machine.
| CVE ID | Affected Product | Impact | CVSS 4.0 Score | Exploit Prerequisites |
| CVE-2025-59373 | ASUS System Control Interface Service (MyASUS) | Privilege Escalation to SYSTEM | 8.5 (High) | Local access with low privileges |
With SYSTEM-level access, threat actors can execute arbitrary code, install malware, access sensitive data, modify system configurations, and potentially move laterally across enterprise networks.
This makes the vulnerability particularly dangerous in corporate environments where a single compromised endpoint could lead to broader network intrusion.
The vulnerability requires local access to exploit, meaning an attacker must already have some level of access to the target system.
However, the attack complexity is low, requires no user interaction, and only minimal privileges are needed to trigger the exploit.
The potential impact spans high confidentiality, integrity, and availability concerns, though the scope remains unchanged beyond the vulnerable component.
The vulnerability affects all ASUS personal computers running the MyASUS application, including desktops, laptops, NUC systems, and All-in-One PCs. ASUS has released patched versions to address the issue.
Users should update to the following fixed versions immediately:
- ASUS System Control Interface 3.1.48.0 for x64 systems
- ASUS System Control Interface 4.2.48.0 for ARM-based devices
To verify the current installed version, users can navigate to MyASUS, then select Settings and click About to view the version information.
ASUS urges all users to apply the security update as soon as possible. The update can be obtained through Windows Update, which will automatically deliver the patch to eligible systems.
Organizations running ASUS devices across their networks should prioritize deploying this patch given its high severity rating and the potential for privilege-escalation attacks.
Security teams should also monitor systems for any suspicious activity that could indicate exploitation attempts.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
