CVE-2025-2027: Double Free
First published: Fri Mar 28 2025(Updated: )
A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information.
Credit: 54bf65a7-a193-42d2-b1ba-8e150d3c35e1
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ASUS System Analysis |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2027?
CVE-2025-2027 is classified as a moderate severity vulnerability due to the potential for service crashes and memory manipulation.
How do I fix CVE-2025-2027?
To fix CVE-2025-2027, you should apply the latest security updates provided by ASUS for the System Analysis service.
What type of vulnerability is CVE-2025-2027?
CVE-2025-2027 is a double free vulnerability that can be exploited through specially crafted local RPC requests.
What are the potential impacts of CVE-2025-2027?
The potential impacts of CVE-2025-2027 include service crashes and possible memory manipulation under certain conditions.
Which ASUS products are affected by CVE-2025-2027?
CVE-2025-2027 specifically affects the ASUS System Analysis service.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/softwarecombine
- agent/event
- agent/last-modified-date
- agent/severity
- agent/author
- agent/source
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/asus
- canonical/asus system analysis