Home / Vulnerability Intelligence / CVE-2025-15101

CVE-2025-15101 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 26, 2026

ASUS Router - Cross Site Request Forgery

Published: March 26, 2026Updated: March 26, 2026Remote Exploitable

Overview

ASUS routers contain a cross site request forgery caused by lack of proper request validation in the web management interface, letting attackers perform actions with authenticated user privileges, exploit requires user to be authenticated.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 1.8%(Probability of exploitation in next 30 days)

Impact

Attackers can perform actions with authenticated user privileges, potentially leading to system command execution and device compromise.

Mitigation

Update to the latest firmware version as per ASUS Security Advisory.

References

https://www.asus.com/security-advisory/

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 26, 2026

🟠 CVE-2025-15101 - High (8.8) A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated use... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15101/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-15101
Severity: High
CVSS Score: 8.8
Type: cross_site_request_forgery
Status: confirmed
EPSS: 1.8%
Social Posts: 1

CWE

CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

1.8%Probability of exploitation in the next 30 days