ASUS has issued a mandatory update for its commercial PC line that removes a core security feature rather than patching it, in response to a high-severity vulnerability in the ASUS Business Manager suite. The flaw, tracked as CVE-2025-13348, has a CVSS score of 8.5 and resides in the Secure Delete driver, a component designed to wipe files beyond recovery.
According to the advisory, an improper access control vulnerability exists in the ASUS Secure Delete Driver of ASUS Business Manager, which could allow a local attacker to trigger arbitrary file creation through a specially crafted request. ASUS says the fix is to deprecate and completely remove the File Shredder function, so after updating the button will no longer appear, though organisations relying on data sanitisation will need a third-party alternative.
Administrators are urged to update to ASUS Business Manager V3.0.37.0 or later, available via the MyASUS Live Update feature or a manual download from the ASUS Support Site; the advisory notes the issue is specific to enterprise environments, with consumer models unaffected.