ASUS issues firmware to fix critical authentication bypass in DSL routers

ASUS has released firmware to address a critical authentication bypass affecting several DSL series routers, issuing version 1.1.2.3_1010 for the DSL-AC51, DSL-N16 and DSL-AC750 models. The flaw is tracked as CVE-2025-59367 and was noted in an ASUS security advisory.

The vulnerability can allow remote, unauthenticated attackers to log into unpatched devices exposed to the internet in low-complexity attacks that do not require user interaction, ASUS said. The company advised users to install the new firmware as soon as possible.

For users who cannot patch immediately or who have end-of-life models, ASUS provided mitigation steps, while advising that they update their devices immediately where possible. As a temporary measure, it recommended disabling services accessible from the internet, including remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering and FTP.

ASUS also urged administrators to use complex passwords for the router administration page and wireless networks, to check regularly for firmware and security updates, and to avoid reusing credentials. While there are no reports of active exploitation of this specific flaw, the vendor and researchers warned that router vulnerabilities are commonly abused to install botnet malware for distributed denial-of-service attacks.

Security researchers have previously linked large-scale router compromise campaigns to similar authentication issues. Analysts at Sekoia tracked an actor dubbed Vicious Trap that exploited older ASUS flaws, and GreyNoise documented a botnet tracked as AyySSHush that relied on backdoored routers.

ASUS also patched another critical authentication bypass in April, tracked as CVE-2025-2492, and reiterated that users should apply firmware updates or follow the vendor’s mitigation guidance if updates are not available for their model.