ASUSTOR has issued a security advisory warning of a critical DLL hijacking vulnerability affecting its backup and synchronization clients used on Windows systems. Tracked as CVE-2025-13051 and carrying a CVSS score of 9.3, the flaw allows local attackers to execute arbitrary code with SYSTEM-level privileges, posing a serious risk to enterprise and home users relying on ASUSTOR’s Windows software.
According to the advisory, “When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account.”
This results in full privilege escalation, enabling attackers to take complete control of the affected machine.
ASUSTOR confirms the following versions are vulnerable:
- ASUSTOR Backup Plan (ABP) 2.0.7.9050 and earlier
- ASUSTOR EZSync (AES) 1.0.6.8290 and earlier
The company classifies the severity as Important, noting that both applications load DLLs from directories that may be writable by low-privilege users—making DLL planting trivial for attackers with local access.
ASUSTOR urges customers to update to the patched versions without delay. The advisory states the issue has been addressed in:
- ABP (Backup Plan) → 2.0.7.10171 or above
- AES (EZSync) → 1.1.0.10312 or above
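The precondition the advisory describes (a service binary living in a directory that low-privilege users can write to) is something administrators can audit directly. The following PowerShell is an added example, not code from ASUSTOR or the advisory; it assumes it is run elevated on the Windows host and that the affected services can be found by a display name or image path matching "ASUSTOR", "Backup Plan" or "EZSync" (an assumed match pattern, adjust as needed).

```powershell
# Added example (not ASUSTOR's code): list ASUSTOR ABP/AES services and report
# whether the directory holding the service executable grants write access to a
# non-administrative principal, which is the condition CVE-2025-13051 relies on.
# Assumption: the services are matched by the display-name/path pattern below.
$fsr = [System.Security.AccessControl.FileSystemRights]
$WriteRights = $fsr::Write   # Write's bits are contained in Modify and FullControl
$LowPrivPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE',
    'Everyone'
)

function Test-DirectoryWritableByLowPriv {
    param([string]$Path)
    # Returns a description of the first Allow ACE that gives a low-privilege
    # principal write rights, or $null if none is found. Deny ACEs are not
    # evaluated, so confirm any hit with icacls before acting on it.
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteRights) -ne 0) {
            return "$($ace.IdentityReference.Value) has $($ace.FileSystemRights)"
        }
    }
    return $null
}

$services = Get-CimInstance Win32_Service | Where-Object {
    $_.DisplayName -match 'ASUSTOR|Backup Plan|EZSync' -or $_.PathName -match 'ASUSTOR'
}

foreach ($svc in $services) {
    # PathName may be quoted and carry arguments; keep only the executable path.
    $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split ' ')[0] }
    $dir = Split-Path -Parent $exe
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $finding = Test-DirectoryWritableByLowPriv -Path $dir
    [PSCustomObject]@{
        Service   = $svc.Name
        RunsAs    = $svc.StartName      # 'LocalSystem' is the case the advisory describes
        Directory = $dir
        Exposed   = [bool]$finding
        Detail    = $finding
    }
}
```

A row with `Exposed = True` on an unpatched ABP/AES install is the vulnerable configuration; the remediation is to update to the fixed versions above and, in the meantime, remove write access for those principals from the service directory.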