**UNSUPPORTED WHEN ASSIGNED** Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation.
Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ' section on the ASUS Security Advisory for more information.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://www.asus.com/security-advisory |
|
History
Fri, 17 Jul 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 17 Jul 2026 06:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | **UNSUPPORTED WHEN ASSIGNED** Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ' section on the ASUS Security Advisory for more information. | |
| First Time appeared |
Asus
Asus aura Sync |
|
| Weaknesses | CWE-782 | |
| CPEs | cpe:2.3:a:asus:aura_sync:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Asus
Asus aura Sync |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: ASUS
Published:
Updated: 2026-07-17T10:10:36.305Z
Reserved: 2026-06-23T07:34:36.865Z
Link: CVE-2019-25764
Updated: 2026-07-17T10:10:31.727Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T08:00:06Z