Vulnerabilities ›

CVE-2025-12793

High

ASUS MyASUS DLL Hijacking Vulnerability Enables Privilege Escalation

CWE-426 — Weakness Type

                    Published: Jan 6, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution.
Refer to the '

Security Update for MyASUS' section on the ASUS Security Advisory for more information.

🤖 AI Executive Summary

CVE-2025-12793 is an uncontrolled DLL loading vulnerability in AsusSoftwareManagerAgent that allows local attackers to execute arbitrary code by manipulating DLL load paths. This high-severity vulnerability (CVSS 7.8) affects systems running vulnerable versions of ASUS software.

📄 Description (Arabic)

تسمح هذه الثغرة للمهاجمين المحليين بالتأثير على تطبيق AsusSoftwareManagerAgent لتحميل ملفات DLL من مواقع يتحكم بها المهاجم. قد يؤدي هذا إلى تنفيذ كود عشوائي بصلاحيات التطبيق المتأثر.

🤖 ملخص تنفيذي (AI)

CVE-2025-12793 هي ثغرة في تحميل DLL غير المنضبط في AsusSoftwareManagerAgent تسمح للمهاجمين المحليين بتنفيذ كود عشوائي. تؤثر هذه الثغرة عالية الخطورة على الأنظمة التي تقوم بتشغيل إصدارات ضعيفة من برامج ASUS.

🤖 AI Intelligence Analysis Analyzed: May 2, 2026 05:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government banking telecom healthcare

🎯 MITRE ATT&CK Techniques

T1547.001 T1574.001 T1574.008

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Update ASUS software to the latest patched version immediately. Implement application whitelisting and restrict DLL search paths. Monitor for suspicious DLL loading activities and enforce principle of least privilege for user accounts.

🔧 خطوات المعالجة (العربية)

قم بتحديث برامج ASUS إلى أحدث إصدار معدل فوراً. طبق قائمة بيضاء للتطبيقات وقيد مسارات البحث عن DLL. راقب أنشطة تحميل DLL المريبة وفرض مبدأ أقل صلاحية للحسابات.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2

🔵 SAMA CSF

CC-6.1 CC-6.2

🟡 ISO 27001:2022

12.2.1 12.6.1

🔗 References & Sources 2

🔗

https://www.asus.com/security-advisory

54bf65a7-a193-42d2-b1ba-8e150d3c35e1

Vendor Advisory

🔗

https://www.asus.com/security-advisory

134c704f-9b21-4f2e-91b3-4a467353bcc0

Vendor Advisory

📦 Affected Products / CPE 2 entries

asus:myasus

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-426

EPSS0.02%

Exploit No

Patch ✓ Yes

Published 2026-01-06

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-426

🏢 Vendor Advisories

🔗 https://www.asus.com/security-advisory 🔗 https://www.asus.com/security-advisory

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2025-12793

💬 Comments

Introduce Yourself

Sign In Required