ASUS has issued a mandatory update for its commercial computer line that completely removes a core security feature rather than patching it. The alert concerns a high-severity vulnerability in the ASUS Business Manager suite, specifically in the tool meant to permanently delete sensitive data.
The vulnerability, tracked as CVE-2025-13348, carries a CVSS score of 8.5, indicating a significant risk to system integrity. The flaw resides in the “Secure Delete” driver, a component designed to wipe files beyond recovery. Ironically, this security tool became a security hole.
The issue stems from how the software handles permissions. According to the advisory, “An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager.”
By exploiting this gap, a local attacker could trick the driver into doing their bidding. The advisory explains that “this vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path.”
This capability—arbitrary file creation—is a potent weapon in the hands of an attacker. It can be used to overwrite critical system configuration files, plant malicious scripts in startup folders, or bypass other security restrictions on the machine.
Faced with the risk, ASUS opted for the nuclear option. Instead of attempting to patch the driver’s logic, they have decided to eliminate the risk entirely by removing the functionality.
“To resolve this security risk, ASUS has deprecated and completely removed the ‘File Shredder’ function in the latest version,” the company stated.
This means that after updating, administrators and users will notice the “File Shredder” button is gone. While this removes the vulnerability, it also means organizations relying on this specific tool for data sanitization will need to find a third-party alternative.
The advisory clarifies that this issue is specific to the enterprise environment. “This update applies exclusively to ASUS commercial computers; consumer models are not affected,” the report notes.
Administrators managing ASUS workstations are urged to update to ASUS Business Manager V3.0.37.0 or later immediately. The update is available via the MyASUS Live Update feature or through a manual download from the ASUS Support Site.
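To confirm which workstations still need the update, the following added example (not from ASUS or the advisory) compares the installed ASUS Business Manager version against the fixed V3.0.37.0. It assumes the product registers under the standard Windows Uninstall registry keys with a display name containing "ASUS Business Manager"; the `$NamePattern` value and the `Get-AbmStatus` helper are illustrative names.

```powershell
# Added example: flag hosts whose ASUS Business Manager predates the fixed release.
# Assumption: the product appears under the standard Uninstall keys with a
# DisplayName containing "ASUS Business Manager"; adjust $NamePattern if it differs.
$FixedVersion = [version]'3.0.37.0'          # fixed release named in the advisory
$NamePattern  = '*ASUS Business Manager*'    # assumed display name

# 64-bit and 32-bit (WOW6432Node) views of the per-machine Uninstall key.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-AbmStatus {
    param([string]$DisplayName, [string]$DisplayVersion)
    $parsed = $null
    # A missing or non-numeric version cannot be compared; flag it for manual review.
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        $state = 'UNKNOWN_VERSION'
    } elseif ($parsed -lt $FixedVersion) {
        $state = 'VULNERABLE'
    } else {
        $state = 'FIXED'
    }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Name     = $DisplayName
        Version  = $DisplayVersion
        State    = $state
    }
}

# Entries without a DisplayName are filtered out by the -like comparison.
$found = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern }

if (-not $found) {
    Write-Output ('{0}: ASUS Business Manager not found' -f $env:COMPUTERNAME)
} else {
    $found | ForEach-Object { Get-AbmStatus $_.DisplayName $_.DisplayVersion }
}
```

Run it through your existing remote management tooling and treat any `VULNERABLE` or `UNKNOWN_VERSION` row as a host to update or inspect by hand.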