ASUS has released critical security updates addressing a local privilege escalation (LPE) vulnerability in the ASUS System Control Interface Service, a core component used by the MyASUS application across ASUS desktop PCs, laptops, NUC systems, and All-in-One machines. 华硕已发布关键安全更新，修复了其系统控制接口服务中的一个本地权限提升漏洞，该服务是MyASUS应用程序在ASUS台式机、笔记本电脑、NUC系统和一体机上使用的核心组件。

Tracked as CVE-2025-59373 with a CVSS score of 8.4 (High), the flaw allows a low-privileged user to escalate privileges to SYSTEM, the highest level on Windows, by abusing a flawed file-restore mechanism. 该漏洞编号为CVE-2025-59373，CVSS评分为8.4（高危），允许低权限用户通过滥用有缺陷的文件恢复机制，将权限提升至Windows最高级别的SYSTEM权限。

According to the advisory, “a local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM.” 根据安全公告，“ASUS系统控制接口的恢复机制中存在一个本地权限提升漏洞。当非特权攻击者在没有适当验证的情况下将文件复制到受保护的系统路径时，可能会触发此漏洞，导致任意文件以SYSTEM权限执行。”

This means that any attacker with basic local access — including malware running under standard user permissions — could replace trusted files with malicious ones, gaining full control over the device. 这意味着任何拥有基本本地访问权限的攻击者——包括在标准用户权限下运行的恶意软件——都可能用恶意文件替换受信任的文件，从而获得对设备的完全控制。

华硕确认此问题影响所有个人电脑，具体包括：

Desktops 台式机

Laptops 笔记本电脑

NUC systems NUC系统

All-in-One (AIO) PCs 一体机

Any device running an affected version of the ASUS System Control Interface is vulnerable. 任何运行受影响版本ASUS系统控制接口的设备都存在此漏洞。

ASUS has resolved the vulnerability in the following updated releases: 华硕已在以下更新版本中修复了该漏洞：

ASUS System Control Interface 3.1.48.0 (x64) ASUS System Control Interface 4.2.48.0 (ARM)

Users can verify their installed version by navigating to: MyASUS → Settings → About. 用户可以通过导航至“MyASUS → 设置 → 关于”来验证其安装的版本。

Users can obtain the update through: 用户可以通过以下方式获取更新：

Windows Update Windows更新

Downloading the updated package directly from the ASUS Support site. 直接从华硕支持网站下载更新包。