CVE-2025-4570

Summary

An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services.

Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information.

Affected Software

VendorProductVersion RangeStatus
ASUSMyASUS4.0.35.0 and earlieraffected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References