ID

VAR-202603-5327


CVE

CVE-2025-15101


TITLE

ASUSTeK Computer Inc. of ASUS  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-009363

DESCRIPTION

An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. This vulnerability allows authenticated users to perform operations on affected devices using existing privileges, and may also allow them to execute system commands in an unintended manner. For more information, see [link/reference]. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-15101 // JVNDB: JVNDB-2026-009363

AFFECTED PRODUCTS

vendor:asusmodel:asusscope:lteversion:3.0.0.6_102

Trust: 1.0

vendor:asustek computermodel:asusscope: - version: -

Trust: 0.8

vendor:asustek computermodel:asusscope:eqversion: -

Trust: 0.8

vendor:asustek computermodel:asusscope:lteversion:asus firmware 3.0.0.6_102 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2026-009363 // NVD: CVE-2025-15101

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-15101
value: HIGH

Trust: 1.0

54bf65a7-a193-42d2-b1ba-8e150d3c35e1: CVE-2025-15101
value: HIGH

Trust: 1.0

NVD: CVE-2025-15101
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2025-15101
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2025-15101
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-009363 // NVD: CVE-2025-15101 // NVD: CVE-2025-15101

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:Cross-site request forgery (CWE-352) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-009363 // NVD: CVE-2025-15101

PATCH

title:ASUS Security Advisory | Latest Vulnerability Updateurl:https://www.asus.com/security-advisory/

Trust: 0.8

sources: JVNDB: JVNDB-2026-009363

EXTERNAL IDS

db:NVDid:CVE-2025-15101

Trust: 2.6

db:JVNDBid:JVNDB-2026-009363

Trust: 0.8

sources: JVNDB: JVNDB-2026-009363 // NVD: CVE-2025-15101

REFERENCES

url:https://www.asus.com/security-advisory/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-15101

Trust: 0.8

sources: JVNDB: JVNDB-2026-009363 // NVD: CVE-2025-15101

SOURCES

db:JVNDBid:JVNDB-2026-009363
db:NVDid:CVE-2025-15101

LAST UPDATE DATE

2026-06-18T21:11:56.793000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-009363date:2026-03-31T02:45:00
db:NVDid:CVE-2025-15101date:2026-05-13T04:17:02.273

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-009363date:2026-03-31T00:00:00
db:NVDid:CVE-2025-15101date:2026-03-26T03:16:02.400