CVE-2019-25764 PUBLISHED

Assigner: ASUS
Reserved: 23.06.2026 Published: 17.07.2026 Updated: 17.07.2026

UNSUPPORTED WHEN ASSIGNED  Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation.

Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ' section on the ASUS Security Advisory for more information.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 7.3

Product Status

Vendor ASUS
Product AURA SYNC
Versions Default: unaffected
  • affected from 0 to 1.07.84 (excl.)

References

Problem Types

  • CWE-782: Exposed IOCTL with Insufficient Access Control CWE