Vulnerability in Asus System Control Interface

CVE-2026-7480

An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechan…

EPSS: 0.000 (2.7th percentile) — read the EPSS interpretation.

Affected products

Asus System Control Interface — versions 3.1.59.0 and earlier, 3.2.60.0 and earlier

Weakness classification (CWE)

CWE-732 — Incorrect Permission Assignment for Critical Resource

References

54bf65a7-a193-42d2-b1ba-8e150d3c35e1 (vendor-advisory)