ASUS Fixes High-Severity MyASUS Vulnerability that Allows Privilege Escalation to SYSTEM-Level Access

Written by:
Lore Apostol
Cybersecurity Writer

Key Takeaways

ASUS has fixed a significant security vulnerability in its pre-installed MyASUS software that impacts several Windows-based personal computers. The flaw resides in the ASUS System Control Interface Service, a core component that manages hardware settings and system utilities. 

The vulnerability, identified as CVE-2025-59373, carries a high-severity CVSS 4.0 score of 8.5, enabling an attacker with local access to a machine to execute a privilege escalation attack and gain full administrative control.

Understanding the Privilege Escalation Flaw

This ASUS privilege escalation flaw is particularly serious because it allows a threat actor with even minimal local user rights to elevate their permissions to NT AUTHORITY\SYSTEM. 

With this level of access, an attacker can execute arbitrary code, install malware, exfiltrate sensitive data, and alter system configurations without restriction. 

While the exploit requires initial local access, its low complexity and the lack of required user interaction make it a significant threat, especially in corporate environments where a single compromised endpoint could facilitate lateral movement across the network.

ASUS Security Update and Mitigation

In response to the discovery, ASUS has issued a security advisory and released patched versions of the affected software. The company strongly recommends that all users update their systems to mitigate the risk associated with the ASUS MyASUS vulnerability. 

The fixed versions are the ASUS System Control Interface:

The advisory notes that this update applies to all personal computers, including desktops, laptops, NUCs, and All-in-One PCs.

This ASUS security update will be delivered automatically through Windows Update to eligible systems. Organizations with ASUS devices should prioritize the deployment of this patch and monitor their systems for any signs of exploitation.

A different security bulletin published on the same day addressed potential vulnerabilities in ASUS Router firmware 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102.

