CVE-2025-2027
Published: 28 March 2025
Summary
CVE-2025-2027 is a medium-severity Double Free (CWE-415) vulnerability in Asus (inferred from references). Its CVSS base score is 5.9 (Medium).
Operationally, ranked at the 31.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8551
Vulnerability details
A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to…
more
the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.