CVE-2025-15101 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: March 26, 2026
ASUS Router - Cross Site Request Forgery
Published: March 26, 2026Updated: March 26, 2026Remote Exploitable
Overview
ASUS routers contain a cross site request forgery caused by lack of proper request validation in the web management interface, letting attackers perform actions with authenticated user privileges, exploit requires user to be authenticated.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Attackers can perform actions with authenticated user privileges, potentially leading to system command execution and device compromise.
Mitigation
Update to the latest firmware version as per ASUS Security Advisory.
References
Related Resources
Details
- CVE ID
- CVE-2025-15101
- Severity
- High
- CVSS Score
- 8.8
- Type
- cross_site_request_forgery
- Status
- confirmed
CWE
- CWE-78
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H