ASUS
CVE Numbering Authority
Latest CVE published
Overview
ASUS is a CVE Numbering Authority that has published 32 CVE records since 2024. It is currently classified as active, with 32 CVEs published in the last two years. Its CVE data quality is graded A (100% overall completeness).
Among the 370 CNAs tracked here, ASUS ranks #213 by CVE volume and reports more complete records than 60% of all CNAs.
Data quality report card
How complete and consistent ASUS's CVE records are, scored across vendor, product, CVSS, and CWE coverage.
A CVE record only requires a description to be published. “Completeness” measures how often ASUS also fills in the optional — but extremely useful — fields that make a vulnerability actually actionable: the affected vendor and product, a CVSS severity score, and a CWE weakness type. A higher score means more of this CNA’s CVEs include those details, so defenders spend less time enriching records by hand.
Report card grade
100%
Overall score
What these scores mean
- Vendor completeness
- The share of this CNA's CVEs that name an affected vendor.
- Product completeness
- The share that name a specific affected product.
- CVSS completeness
- The share that include a CVSS severity score.
- CWE completeness
- The share mapped to a CWE weakness type.
- Update rate
- How often this CNA revises CVE records after first publishing them.
- Vendor diversity
- How many distinct vendors this CNA publishes CVEs for.
Severity and exploitation
How the CVSS severity of ASUS's published CVEs breaks down, and how many are known to be exploited in the wild.
In CISA’s Known Exploited Vulnerabilities catalog
1
One of ASUS's CVEs is confirmed exploited in the wild and carries a CISA remediation deadline.
Common weakness types
The CWE weakness categories ASUS most often assigns to its CVEs. Follow any weakness to its full explanation.
- CWE-732Incorrect Permission Assignment for Critical Resource4 CVEs
- CWE-125Out-of-bounds Read4 CVEs
- CWE-121Stack-based Buffer Overflow3 CVEs
- CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')3 CVEs
- CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition2 CVEs
- CWE-20Improper Input Validation2 CVEs
- CWE-1284Improper Validation of Specified Quantity in Input2 CVEs
- CWE-288Authentication Bypass Using an Alternate Path or Channel2 CVEs
Publishing activity by year
How many CVEs ASUS has published each year.
Top vendors
The vendors ASUS publishes the most CVEs for.
- ASUS55 CVEs
Top products
The products ASUS publishes the most CVEs for.
- Router14 CVEs
- Armoury Crate10 CVEs
- MyASUS4 CVEs
- System Control Interface v33 CVEs
- Business Manager3 CVEs
- System Control Interface3 CVEs
- DriverHub3 CVEs
- ASUS Business System Control Interface2 CVEs
Latest CVEs
The most recent CVEs assigned by ASUS.
- CVE-2019-25764CWE-782High · CVSS 7.3EPSS 0.1%2026-07-17
- CVE-2026-13385CWE-354Critical · CVSS 9.5EPSS 0.1%2026-07-15
- CVE-2026-15029CWE-822High · CVSS 8.4EPSS 0.1%2026-07-15
- CVE-2026-15030CWE-125Medium · CVSS 5.6EPSS 0.1%2026-07-15
- CVE-2026-13585CWE-770High · CVSS 8.2EPSS 0.1%2026-07-15
- CVE-2026-8920CWE-923High · CVSS 8.5EPSS 0.1%2026-07-15
- CVE-2026-8919CWE-942High · CVSS 7.2EPSS 0.3%2026-07-15
- CVE-2026-11851CWE-89Medium · CVSS 5.9EPSS 0.3%2026-07-15
- CVE-2022-4989CWE-1284High · CVSS 8.5EPSS 0.1%2026-07-03
- CVE-2022-4990CWE-1284High · CVSS 7.3EPSS 0.1%2026-07-03
- CVE-2026-8921CWE-73High · CVSS 8.5EPSS 0.1%2026-07-03
- CVE-2026-12960CWE-926Medium · CVSS 6.0EPSS 0.1%2026-07-03
Track new ASUS CVEs as they are published and get AI-written analysis and remediation guidance.
Monitor ASUS CVEsOther CNAs
Compare data quality across other CVE Numbering Authorities.
Frequently asked questions
Common questions about the ASUS CNA.
- What is the ASUS CNA?
- ASUS is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 32 CVE records since 2024.
- How many CVEs has ASUS published?
- ASUS has published 32 CVE records, including 32 in the last two years.
- What is ASUS's CVE data quality grade?
- RadicalNotion.AI grades ASUS's CVE data quality as A, with an overall completeness score of 100%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (100%), and CWE (100%) information.
- What products does ASUS publish CVEs for?
- ASUS most frequently publishes CVEs for Router, Armoury Crate, MyASUS, System Control Interface v3, Business Manager.
- Which vendors does ASUS cover?
- ASUS publishes CVEs across 1 distinct vendors, most often ASUS.
- Is ASUS actively publishing CVEs?
- ASUS is currently active, based on 32 CVEs in the last two years.
- What is the average severity of ASUS's CVEs?
- The average CVSS base score across ASUS's scored CVEs is 7.5.
- How many critical CVEs has ASUS published?
- ASUS has published 6 critical-severity CVEs and 28 high-severity CVEs.
- Are any of ASUS's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- Yes. 1 of ASUS's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
- What are the most common weakness types in ASUS's CVEs?
- ASUS's CVEs most often map to these CWE weakness types: CWE-732 (Incorrect Permission Assignment for Critical Resource), CWE-125 (Out-of-bounds Read), CWE-121 (Stack-based Buffer Overflow), CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')).
- How does ASUS rank among CNAs?
- By total CVE volume, ASUS ranks #213 of 370 CNAs, and it reports more complete CVE records than 60% of all CNAs.
References
- Official CVE.org list of CNA partners (opens in a new tab)
- Learn: What is a CNA?
- CWE directory: the weakness types this CNA maps its CVEs to
CNA report-card grades are computed by RadicalNotion.AI from published CVE records. CVE data is sourced from the CVE Program.
Track ASUS CVEs
Monitor new vulnerabilities as this CNA publishes them, with AI-written analysis and remediation guidance.