CVE-2025-15101
Published: 26 March 2026
Summary
CVE-2025-15101 is a high-severity OS Command Injection (CWE-78) vulnerability in Asus Asus Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 30.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SC-23 requires mechanisms like anti-CSRF tokens to ensure web session authenticity, directly preventing forged requests from tricking authenticated users into executing commands on the ASUS router.
SI-10 mandates validation of all inputs to the web interface, blocking OS command injection (CWE-78) even if a CSRF-forged request reaches the router.
SI-2 ensures timely application of firmware patches as advised in the ASUS Security Advisory, eliminating the specific CSRF vulnerability in affected router models.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CSRF in public web management interface directly enables remote exploitation of the router (T1190) leading to arbitrary OS command execution via the shell (T1059.004).
NVD Description
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, including…
more
the ability to execute system commands through unintended mechanisms. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Deeper analysisAI
CVE-2025-15101 is a Cross-Site Request Forgery (CSRF) vulnerability in the Web management interface of certain ASUS router models. Published on 2026-03-26, it enables actions to be performed with the existing privileges of an authenticated user on the affected device, including the ability to execute system commands through unintended mechanisms. The issue is linked to CWE-352 (Cross-Site Request Forgery) and CWE-78 (Improper Neutralization of Special Elements used in an OS Command), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Attackers can exploit this vulnerability remotely over the network with low complexity and no required privileges, though it relies on user interaction. By tricking an authenticated user into submitting a forged request—such as via a malicious webpage or link—the attacker can impersonate the user to the router's web interface. Successful exploitation grants high-impact outcomes, including unauthorized access to confidential data, modification of system integrity, and disruption of availability through arbitrary system command execution.
The ASUS Security Advisory provides mitigation guidance; refer to the 'Security Update for ASUS Router Firmware' section at https://www.asus.com/security-advisory/ for details on patches and remediation steps.
Details
- CWE(s)