CVE-2025-12793 (GCVE-0-2025-12793)
Vulnerability from cvelistv5 – Published: 2026-01-06 02:14 – Updated: 2026-01-06 18:57
VLAI
Summary
An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution.
Refer to the '
Security Update for MyASUS' section on the ASUS Security Advisory for more information.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.asus.com/security-advisory | vendor-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12793",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T14:20:04.567403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T18:57:12.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.asus.com/security-advisory"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit"
],
"product": "ASCI",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "Before v3.1.49.0"
},
{
"status": "affected",
"version": "Before v1.1.37.0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"ARM"
],
"product": "ASCI",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "Before v3.2.50.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Daniel Rhea"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution.\u003cbr\u003eRefer to the \u0027\n\n\u003ca target=\"_blank\" rel=\"nofollow\"\u003eSecurity Update for MyASUS\u003c/a\u003e\u0027 section on the ASUS Security Advisory for more information."
}
],
"value": "An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution.\nRefer to the \u0027\n\nSecurity Update for MyASUS\u0027 section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T02:14:37.216Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.asus.com/security-advisory"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2025-12793",
"datePublished": "2026-01-06T02:14:37.216Z",
"dateReserved": "2025-11-06T08:17:47.427Z",
"dateUpdated": "2026-01-06T18:57:12.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-12793",
"date": "2026-06-29",
"epss": "0.00115",
"percentile": "0.01801"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-12793\",\"sourceIdentifier\":\"54bf65a7-a193-42d2-b1ba-8e150d3c35e1\",\"published\":\"2026-01-06T03:15:41.120\",\"lastModified\":\"2026-06-17T08:32:58.067\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution.\\nRefer to the \u0027\\n\\nSecurity Update for MyASUS\u0027 section on the ASUS Security Advisory for more information.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de ruta de carga de DLL no controlada en AsusSoftwareManagerAgent. Un atacante local puede influir en la aplicaci\u00f3n para que cargue una DLL desde una ubicaci\u00f3n controlada por el atacante, lo que podr\u00eda resultar en ejecuci\u00f3n de c\u00f3digo arbitrario.\\nConsulte la secci\u00f3n \u0027Security Update for MyASUS\u0027 en el Aviso de Seguridad de ASUS para m\u00e1s informaci\u00f3n.\"}],\"affected\":[{\"source\":\"54bf65a7-a193-42d2-b1ba-8e150d3c35e1\",\"affectedData\":[{\"vendor\":\"ASUS\",\"product\":\"ASCI\",\"defaultStatus\":\"unaffected\",\"platforms\":[\"64 bit\"],\"versions\":[{\"version\":\"Before v3.1.49.0\",\"status\":\"affected\"},{\"version\":\"Before v1.1.37.0\",\"status\":\"affected\"}]},{\"vendor\":\"ASUS\",\"product\":\"ASCI\",\"defaultStatus\":\"unaffected\",\"platforms\":[\"ARM\"],\"versions\":[{\"version\":\"Before v3.2.50.0\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"54bf65a7-a193-42d2-b1ba-8e150d3c35e1\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-06T14:20:04.567403Z\",\"id\":\"CVE-2025-12793\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"54bf65a7-a193-42d2-b1ba-8e150d3c35e1\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asus:myasus:*:*:*:*:*:*:x64:*\",\"versionEndExcluding\":\"4.0.52.0\",\"matchCriteriaId\":\"B272677A-2AF9-4ECE-92E6-393C1227AF78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asus:myasus:*:*:*:*:*:*:arm64:*\",\"versionEndExcluding\":\"4.2.50.0\",\"matchCriteriaId\":\"1C177A8B-ED83-42D0-914E-90CF89FBA787\"}]}]}],\"references\":[{\"url\":\"https://www.asus.com/security-advisory\",\"source\":\"54bf65a7-a193-42d2-b1ba-8e150d3c35e1\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.asus.com/security-advisory\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-12793\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-06T14:20:04.567403Z\"}}}], \"references\": [{\"url\": \"https://www.asus.com/security-advisory\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-06T14:20:06.132Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Daniel Rhea\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.5, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ASUS\", \"product\": \"ASCI\", \"versions\": [{\"status\": \"affected\", \"version\": \"Before v3.1.49.0\"}, {\"status\": \"affected\", \"version\": \"Before v1.1.37.0\"}], \"platforms\": [\"64 bit\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ASUS\", \"product\": \"ASCI\", \"versions\": [{\"status\": \"affected\", \"version\": \"Before v3.2.50.0\"}], \"platforms\": [\"ARM\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.asus.com/security-advisory\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution.\\nRefer to the \u0027\\n\\nSecurity Update for MyASUS\u0027 section on the ASUS Security Advisory for more information.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution.\u003cbr\u003eRefer to the \u0027\\n\\n\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\"\u003eSecurity Update for MyASUS\u003c/a\u003e\u0027 section on the ASUS Security Advisory for more information.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-426\", \"description\": \"CWE-426: Untrusted Search Path\"}]}], \"providerMetadata\": {\"orgId\": \"54bf65a7-a193-42d2-b1ba-8e150d3c35e1\", \"shortName\": \"ASUS\", \"dateUpdated\": \"2026-01-06T02:14:37.216Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-12793\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-06T18:57:12.443Z\", \"dateReserved\": \"2025-11-06T08:17:47.427Z\", \"assignerOrgId\": \"54bf65a7-a193-42d2-b1ba-8e150d3c35e1\", \"datePublished\": \"2026-01-06T02:14:37.216Z\", \"assignerShortName\": \"ASUS\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…