CVE-2025-13348 is an improper access control vulnerability classified under CWE-862, found in the ASUS Secure Delete Driver, a component of ASUS Business Manager software. The vulnerability arises because the driver fails to enforce proper authorization checks when processing requests from local users. A local attacker with limited privileges (PR:L) can send specially crafted requests to the driver, which may result in the creation of arbitrary files in locations specified by the attacker. This can lead to unauthorized file creation, potentially enabling privilege escalation, persistence mechanisms, or disruption of system integrity. The vulnerability does not require user interaction (UI:N) and has low attack complexity (AC:L), making exploitation feasible for local users. The CVSS 4.0 vector indicates high impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H), emphasizing the severity of potential consequences. Although no exploits are currently known in the wild, the vulnerability's nature and scoring suggest it could be targeted in the future. ASUS Business Manager is typically pre-installed or used in enterprise environments to manage ASUS hardware and software features, making this vulnerability relevant for organizations relying on ASUS systems. The lack of a patch link indicates that a fix may be pending or recently released, so monitoring ASUS advisories is critical.

For European organizations, this vulnerability poses a significant risk, especially those using ASUS Business Manager in enterprise or critical infrastructure environments. The ability for a local low-privileged user to create arbitrary files can facilitate privilege escalation, unauthorized code execution, or persistence, potentially compromising sensitive data and system integrity. This could lead to operational disruptions, data breaches, or lateral movement within networks. Sectors such as government, finance, healthcare, and manufacturing that deploy ASUS hardware and management tools may face increased exposure. The vulnerability's local nature limits remote exploitation but insider threats or compromised user accounts could exploit it. Given the high CVSS score and broad impact on confidentiality, integrity, and availability, the threat could result in severe operational and reputational damage if exploited.

Organizations should immediately inventory ASUS Business Manager deployments and restrict local user access to systems running the vulnerable driver. Applying the latest security updates from ASUS as soon as they are released is critical. Until patches are available, consider disabling or uninstalling ASUS Business Manager if feasible, or applying application whitelisting and endpoint protection controls to monitor and block suspicious file creation activities. Implement strict local user privilege management to minimize the number of users with access to affected systems. Employ host-based intrusion detection systems (HIDS) to detect anomalous behavior related to file creation in sensitive directories. Regularly audit system logs for unusual activity associated with the ASUS Secure Delete Driver. Additionally, educate IT staff about the vulnerability to ensure rapid response to any suspicious incidents.