CVE-2025-2027

Summary

A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information.

Affected Software

VendorProductVersion RangeStatus
ASUSASCIbefore 1.1.32.0affected
ASUSASCIbefore 3.1.43.0affected
ASUSASCIbefore 3.2.44.0affected

Weaknesses

  • CWE-415: CWE-415 Double Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References