CVE-2025-12793 is an untrusted search path vulnerability classified under CWE-426 found in the AsusSoftwareManagerAgent component of ASUS ASCI software. The vulnerability arises because the application loads DLLs without properly validating or restricting the search path, allowing a local attacker to place a malicious DLL in a location that the application will load instead of the legitimate DLL. This can lead to arbitrary code execution with the privileges of the AsusSoftwareManagerAgent process. The vulnerability affects versions before v3.1.49.0 and v1.1.37.0, and was published on January 6, 2026. The CVSS 4.0 base score is 8.5, indicating high severity, with an attack vector of local access, low attack complexity, no privileges required beyond local user, no user interaction, and high impact on confidentiality, integrity, and availability. The vulnerability does not require network access or user interaction, making it a potent local privilege escalation or persistence vector if an attacker gains local access. No known exploits have been reported in the wild yet, but the risk remains significant due to the potential for arbitrary code execution. The vulnerability is particularly relevant for enterprise environments where ASUS ASCI software is deployed for device management or system utilities, as exploitation could compromise endpoint security and allow attackers to execute malicious payloads stealthily.

For European organizations, this vulnerability poses a substantial risk to endpoint security and IT infrastructure management. Successful exploitation can lead to arbitrary code execution, enabling attackers to install malware, steal sensitive data, or disrupt system operations. Since the vulnerability requires local access, it is particularly dangerous in environments where multiple users share systems or where attackers can gain initial footholds through other means (e.g., phishing, physical access). The high impact on confidentiality, integrity, and availability means that critical business operations could be compromised, leading to data breaches, operational downtime, and reputational damage. Organizations relying on ASUS ASCI for device management or software updates may find their systems vulnerable to persistent threats if patches are not applied promptly. The absence of known exploits in the wild provides a window for proactive mitigation, but the high CVSS score underscores the urgency of addressing the issue.

European organizations should immediately verify the version of ASUS ASCI software deployed and upgrade to versions v3.1.49.0 or later and v1.1.37.0 or later where the vulnerability is patched. In addition to patching, organizations should implement strict application whitelisting and DLL loading path validation policies to prevent unauthorized DLLs from being loaded by critical applications. Employ endpoint detection and response (EDR) tools to monitor for suspicious DLL loading behavior and local privilege escalation attempts. Restrict local user permissions to the minimum necessary to reduce the risk of local exploitation. Conduct regular audits of software and system configurations to identify and remediate insecure DLL search paths. Educate IT staff and users about the risks of local attacks and the importance of physical security and access controls. Finally, monitor ASUS security advisories for any updates or additional patches related to this vulnerability.