Details of VAR-202603-5327

ID

VAR-202603-5327

CVE

CVE-2025-15101

TITLE

ASUSTeK Computer Inc. of ASUS Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-009363

DESCRIPTION

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, including the ability to execute system commands through unintended mechanisms. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. For more information, see [link/reference]. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-15101 // JVNDB: JVNDB-2026-009363

AFFECTED PRODUCTS

vendor:	asus	model:	asus	scope:	lte	version:	3.0.0.6_102	Trust: 1.0
vendor:	asustek computer	model:	asus	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	asus	scope:	eq	version:	-	Trust: 0.8
vendor:	asustek computer	model:	asus	scope:	lte	version:	asus firmware 3.0.0.6_102 and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2026-009363 // NVD: CVE-2025-15101

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-15101
value:	HIGH
Trust: 1.0
54bf65a7-a193-42d2-b1ba-8e150d3c35e1:	CVE-2025-15101
value:	HIGH
Trust: 1.0
NVD:	CVE-2025-15101
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2025-15101
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2025-15101
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-009363 // NVD: CVE-2025-15101 // NVD: CVE-2025-15101

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	CWE-352	Trust: 1.0
problemtype:	Cross-site request forgery (CWE-352) [ others ]	Trust: 0.8
problemtype:	OS Command injection (CWE-78) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-009363 // NVD: CVE-2025-15101

PATCH

title:

ASUS Security Advisory | Latest Vulnerability Update

url:

https://www.asus.com/security-advisory/

Trust: 0.8

sources: JVNDB: JVNDB-2026-009363

EXTERNAL IDS

db:	NVD	id:	CVE-2025-15101	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-009363	Trust: 0.8

sources: JVNDB: JVNDB-2026-009363 // NVD: CVE-2025-15101

REFERENCES

url:	https://www.asus.com/security-advisory/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-15101	Trust: 0.8

sources: JVNDB: JVNDB-2026-009363 // NVD: CVE-2025-15101

SOURCES

db:	JVNDB	id:	JVNDB-2026-009363
db:	NVD	id:	CVE-2025-15101

LAST UPDATE DATE

2026-04-03T23:48:26.334000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-009363	date:	2026-03-31T02:45:00
db:	NVD	id:	CVE-2025-15101	date:	2026-03-26T16:43:20.300

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-009363	date:	2026-03-31T00:00:00
db:	NVD	id:	CVE-2025-15101	date:	2026-03-26T03:16:02.400