Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-25764

Summary
Assigner-ASUS
Assigner Org ID-54bf65a7-a193-42d2-b1ba-8e150d3c35e1
Published At-17 Jul, 2026 | 06:00
Updated At-17 Jul, 2026 | 10:10
Rejected At-
Credits

**UNSUPPORTED WHEN ASSIGNED**  Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ' section on the ASUS Security Advisory for more information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ASUS
Assigner Org ID:54bf65a7-a193-42d2-b1ba-8e150d3c35e1
Published At:17 Jul, 2026 | 06:00
Updated At:17 Jul, 2026 | 10:10
Rejected At:
▼CVE Numbering Authority (CNA)

**UNSUPPORTED WHEN ASSIGNED**  Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ' section on the ASUS Security Advisory for more information.

Affected Products
Vendor
ASUS (ASUSTeK Computer Inc.)ASUS
Product
AURA SYNC
Default Status
unaffected
Versions
Affected
  • From 0 before 1.07.84 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-782CWE-782: Exposed IOCTL with Insufficient Access Control
Type: CWE
CWE ID: CWE-782
Description: CWE-782: Exposed IOCTL with Insufficient Access Control
Metrics
VersionBase scoreBase severityVector
4.07.3HIGH
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.asus.com/security-advisory
N/A
Hyperlink: https://www.asus.com/security-advisory
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:54bf65a7-a193-42d2-b1ba-8e150d3c35e1
Published At:17 Jul, 2026 | 07:16
Updated At:17 Jul, 2026 | 18:10

**UNSUPPORTED WHEN ASSIGNED**  Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ' section on the ASUS Security Advisory for more information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.3HIGH
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
N/A
Type: Secondary
Version: 4.0
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-782Secondary54bf65a7-a193-42d2-b1ba-8e150d3c35e1
CWE ID: CWE-782
Type: Secondary
Source: 54bf65a7-a193-42d2-b1ba-8e150d3c35e1
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.asus.com/security-advisory54bf65a7-a193-42d2-b1ba-8e150d3c35e1
N/A
Hyperlink: https://www.asus.com/security-advisory
Source: 54bf65a7-a193-42d2-b1ba-8e150d3c35e1
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

5Records found

CVE-2022-4990
Matching Score-8
Assigner-ASUSTeK Computer Incorporation
ShareView Details
Matching Score-8
Assigner-ASUSTeK Computer Incorporation
CVSS Score-7.3||HIGH
EPSS-0.10% / 0.84%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 02:00
Updated-17 Jul, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ' section on the ASUS Security Advisory for more information.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-AI Suite 3
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2026-8070
Matching Score-8
Assigner-ASUSTeK Computer Incorporation
ShareView Details
Matching Score-8
Assigner-ASUSTeK Computer Incorporation
CVSS Score-7.3||HIGH
EPSS-0.09% / 0.57%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 02:00
Updated-30 May, 2026 | 03:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the '  Security Update for Armoury Crate App   ' section on the ASUS Security Advisory for more information.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-Armoury Crate
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2026-7480
Matching Score-8
Assigner-ASUSTeK Computer Incorporation
ShareView Details
Matching Score-8
Assigner-ASUSTeK Computer Incorporation
CVSS Score-7.3||HIGH
EPSS-0.14% / 3.38%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 02:06
Updated-29 May, 2026 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechanism. Refer to the 'Security Update for ASUS System Control Interface' section on the ASUS Security Advisory for more information.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-ASUS System Control Interface
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2026-6737
Matching Score-6
Assigner-ASUSTeK Computer Incorporation
ShareView Details
Matching Score-6
Assigner-ASUSTeK Computer Incorporation
CVSS Score-2||LOW
EPSS-0.09% / 0.63%
||
7 Day CHG~0.00%
Published-08 May, 2026 | 02:00
Updated-08 May, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests.Refer to the ' Security Update for ASUS Precision Touchpad ' section on the ASUS Security Advisory for more information.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-AsusPTPFilter
CWE ID-CWE-782
Exposed IOCTL with Insufficient Access Control
CVE-2025-8061
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.37% / 29.31%
||
7 Day CHG~0.00%
Published-11 Sep, 2025 | 18:34
Updated-22 Sep, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Dispatcher 3.0 DriverDispatcher 3.1 Driver
CWE ID-CWE-782
Exposed IOCTL with Insufficient Access Control
Details not found