ASUS issues firmware updates to fix critical AiCloud authentication bypass

ASUS has released firmware updates to address nine security vulnerabilities, including a critical authentication bypass affecting routers with AiCloud enabled. The vendor identified the flaw as CVE-2025-59366.

AiCloud is a cloud-based remote access feature that lets ASUS routers act as private cloud servers for media streaming and storage. ASUS said in a Monday advisory that the vulnerability can be triggered by an unintended side effect of Samba functionality and could allow execution of specific functions without proper authorization.

According to the vendor, remote attackers with no privileges can exploit the flaw by chaining a path traversal and an operating-system command injection weakness in low-complexity attacks that do not require user interaction. ASUS urged users to update router firmware to the latest versions immediately.

ASUS listed the firmware branches that address the issues, including the 3.0.0.4_386, 3.0.0.4_388 and 3.0.0.6_102 series. The vendor included the following CVE identifiers for the 3.0.0.4_386 series: CVE-2025-59365, CVE-2025-59366, CVE-2025-59368, CVE-2025-59369, CVE-2025-59370, CVE-2025-59371, CVE-2025-59372 and CVE-2025-12003.

ASUS did not specify which router models are affected, but it offered mitigation guidance for end-of-life devices that will not receive updates. Recommended steps include disabling services accessible from the Internet (remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering and FTP) and cutting remote access to devices running vulnerable AiCloud software, along with using strong passwords for the router administration page and wireless networks.

In April the vendor patched another critical authentication bypass, CVE-2025-2492, which had been exploited along with other flaws in a campaign that hijacked thousands of end-of-life and outdated ASUS routers. SecurityScorecard researchers who tracked those attacks said the hijacked devices may have been used as operational relay boxes in suspected Chinese hacking operations.