ASUS AiCloud Router Security Flaw – Critical Bypass

ASUS‍ Routers Vulnerable to Multiple Security Flaws – Update Firmware Immediately

ASUS has issued a security advisory warning of multiple vulnerabilities in⁣ its router firmware that could allow remote attackers to compromise devices. The vulnerabilities are exploitable without requiring user interaction and ‌involve a combination of path traversal and OS command injection.

Key takeaways:

* Vulnerability Details: Multiple CVEs are affected (CVE-2025-59365, CVE-2025-59366, CVE-2025-59368, CVE-2025-59369, CVE-2025-59370, CVE-2025-59371, CVE-2025-59372, CVE-2025-12003).
* Affected Firmware: 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102 series.
* Severity: Low‌ complexity attacks, no user interaction required.
* Suggestion: ASUS strongly recommends updating to the latest firmware immediately.

* mitigation for End-of-Life Models: ‍ Disable services accessible from the internet (remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, FTP) and cut remote access to AiCloud software.
* Additional security Measures: Use strong ​passwords for the router administration page and wireless networks.

resources:

* ASUS Security⁢ Advisory: https://www.asus.com/security-advisory/#:~:text=Security%20Update%20for%20ASUS%20Router%20Firmware

* BleepingComputer Article: (This article)
* Previous ASUS Vulnerability (April 2024): https://www.bleepingcomputer.com/news/security/asus-warns-of-critical-auth-bypass-flaw-in-routers-using-aicloud/

* CVE-2025-2492: https://nvd.nist.gov/vuln/detail/CVE-2025-2

Sponsored Link: https://www.wiz.io/lp/ai-data-security-best-practices-cheat-sheet?utm_source=bleepingcomputer&utm_medium=display&utm_campaign=FY26Q3_INB_Form_AI-Data-Security-Best-Practices&sfcid=701Py00000SmgsrIAB&utm_term=FY26Q4-bleepingcomputer-970×250&utm_content=AI-Data-Security-BP ‍ – AI Data⁣ Security Best Practices Cheat Sheet.