Asus has released a patch for a highly severe local privilege escalation vulnerability in its MyASUS software, which comes preinstalled on most of its computers and potentially affects millions of users worldwide.
Privilege Escalation Flaw (CVE-2025-59373)
The MyASUS app, which provides system updates and support tools, contained a flaw in the restore mechanism of the Asus System Control Interface. This bug, labeled CVE-2025-59373 and rated 8.5 out of 10 for severity, could be exploited by a low privileged attacker to elevate their access rights on the system, affecting both ARM and x64 systems. The vulnerability stems from the fact that an unprivileged actor can copy files without proper validation into protected system paths, potentially leading to arbitrary files being executed with SYSTEM level privileges.
Urgent Update Recommendations
Asus has patched the MyASUS app and urges all users to apply the update immediately through Windows Update or by downloading the updated package from the Asus Support site. The patch applies to all personal computers, including desktop, laptop, NUC, and All-in-One PC.
The bug affects all ASUS System Control Interface versions prior to 3.1.48.0 (x64) and 4.2.48.0 (ARM). Users can check their current version by navigating to Settings and then selecting "About" within the MyASUS application.
Router Firmware Update
In addition to the MyASUS patch, Asus has also released security updates for its router firmware to address multiple vulnerabilities. The most critical router flaw is an authentication bypass vulnerability in AiCloud that could allow attackers to execute specific functions without proper authorization.
Asus also warned that end of life router models will not receive the new firmware patch. For these older models, the vendor strongly recommends disabling all internet accessible services, including AICloud, remote access from WAN, port forwarding, DDNS, VPN server, DMZ, Port triggering, and FTP.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
