CVE-2025-15038

An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to a disclosure of kernel information or a system crash. Refer to the "Security Update for ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.

CVSS

No CVSS.

References

Link	Resource
https://www.asus.com/content/security-advisory

Configurations

No configuration.

History

12 Mar 2026, 21:07

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de lectura fuera de límites en el controlador de la Interfaz de Control del Sistema Empresarial de ASUS. Esta vulnerabilidad puede ser activada por un usuario local sin privilegios que envíe una solicitud IOCTL especialmente diseñada, lo que podría llevar a una divulgación de información del kernel o a un fallo del sistema. Consulte la sección 'Actualización de seguridad para la Interfaz de Control del Sistema Empresarial de ASUS' en el Aviso de Seguridad de ASUS para más información.

12 Mar 2026, 04:16

Type	Values Removed	Values Added
Summary	(en) An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by a unprivileged local user sending a specially crafted IOCTL request, potentially leading to a disclosure of kernel information or a system crash. Refer to the "Security Update for ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.	(en) An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to a disclosure of kernel information or a system crash. Refer to the "Security Update for ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.

12 Mar 2026, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-12 03:15

Updated : 2026-03-12 21:07

NVD link : CVE-2025-15038

Mitre link : CVE-2025-15038

CVE.ORG link : CVE-2025-15038

JSON object : View

Products Affected

No product.

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2025-15038", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-12T03:15:57.403", "references": [{"url": "https://www.asus.com/content/security-advisory", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An Out-of-Bounds\nRead vulnerability exists in the ASUS Business System\nControl Interface driver. This vulnerability can be triggered by an unprivileged local user\nsending a specially crafted IOCTL \u00a0request, potentially leading\nto a disclosure of\nkernel information or a system crash. Refer to the \"Security Update for ASUS\u00a0\nBusiness System Control Interface\" section on the ASUS Security Advisory for more information."}, {"lang": "es", "value": "Existe una vulnerabilidad de lectura fuera de l\u00edmites en el controlador de la Interfaz de Control del Sistema Empresarial de ASUS. Esta vulnerabilidad puede ser activada por un usuario local sin privilegios que env\u00ede una solicitud IOCTL especialmente dise\u00f1ada, lo que podr\u00eda llevar a una divulgaci\u00f3n de informaci\u00f3n del kernel o a un fallo del sistema. Consulte la secci\u00f3n 'Actualizaci\u00f3n de seguridad para la Interfaz de Control del Sistema Empresarial de ASUS' en el Aviso de Seguridad de ASUS para m\u00e1s informaci\u00f3n."}], "lastModified": "2026-03-12T21:07:53.427", "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}