ASUS has released an urgent security update to fix nine major vulnerabilities, including a critical authentication bypass flaw that affects routers with the AiCloud feature enabled. Cybersecurity experts strongly advise users to update immediately, as the flaw can be exploited remotely and without user interaction.
AiCloud is a remote-access and personal cloud feature available in many ASUS routers. It allows users to stream media, access files, and manage storage from anywhere through the internet. While it offers convenience, this feature also increases the attack surface for hackers if left unpatched.
The most serious flaw fixed in the new update is tracked as CVE-2025-59366. According to ASUS, this vulnerability occurs because of an unintended side effect in the router’s Samba functionality, which could allow attackers to execute certain functions without proper authorization.
In simple terms: a hacker can exploit this weakness to bypass the router’s login protections.
Security researchers explain that attackers do not need any privileges to exploit this flaw. They can combine two weaknesses—path traversal and OS command injection—to gain unauthorized access.
What makes this especially dangerous is that:
The attack is low complexity
It requires no user interaction
It can be launched remotely over the internet
This means even non-technical attackers could weaponize it if they discover vulnerable routers online.
In a Monday advisory, ASUS urged all customers to install the latest firmware as soon as possible.
“To protect your devices, ASUS strongly recommends that all users update their router firmware to the latest version immediately,” the company said.
ASUS also reminded users to keep their routers updated regularly whenever new firmware is released.
ASUS provided a list of firmware versions where the vulnerabilities, including CVE-2025-59366, are fixed. These include:
Patched Firmware Series
3.0.0.4_386
CVE-2025-59365
CVE-2025-59366
CVE-2025-59368
CVE-2025-59369
CVE-2025-59370
CVE-2025-59371
CVE-2025-59372
CVE-2025-12003
3.0.0.4_388
3.0.0.6_102
Although ASUS listed which firmware versions contain security fixes, the company did not mention specific router models affected. This has raised concerns among users who may not know whether their hardware is vulnerable.
Many ASUS routers that are older or classified as end-of-life will not receive firmware updates. For such users, ASUS recommends disabling all internet-accessible services to reduce exposure. This includes turning off:
Remote access from WAN
Port forwarding
Dynamic DNS (DDNS)
VPN server features
DMZ
Port triggering
FTP
Any web access to AiCloud services
Disabling these features prevents remote attackers from reaching the device, effectively blocking the attack path even without a patch.
ASUS also advised users to tighten security by:
Using strong, unique passwords for both the router admin page and Wi-Fi networks
Disabling features that are not needed
Frequently checking for firmware updates
Avoiding remote access unless absolutely necessary
These steps help reduce the attack surface and protect home and office networks from remote exploitation.
This is not the first major issue affecting ASUS AiCloud routers. In April, ASUS patched a similar critical authentication bypass flaw identified as CVE-2025-2492.
That vulnerability was exploited in the wild during a global hacking operation called Operation WrtHug, where attackers hijacked thousands of ASUS WRT routers. These attacks targeted outdated and end-of-life devices across:
Taiwan
Southeast Asia
Russia
Central Europe
The United States
Researchers at SecurityScorecard linked the campaign to possible Chinese state-aligned hackers. They believe the compromised routers were used as operational relay boxes (ORBs)—stealthy nodes that help attackers hide command-and-control (C2) infrastructure.
Routers are often ignored when it comes to updates, but they serve as the first line of defense for home and business networks. A single compromised router can:
Expose devices inside the network
Enable attackers to steal data
Allow hackers to spy on traffic
Turn the device into part of a botnet or proxy network
Grant unauthorized access to sensitive files through AiCloud
Given the ease of exploitation and the wide use of ASUS routers worldwide, this vulnerability poses a significant cybersecurity risk.
The discovery of CVE-2025-59366 is a strong reminder that routers must be updated just like any other device. With attackers increasingly focusing on network appliances, users should patch their ASUS routers immediately and disable internet-facing features on unsupported models.
Regular updates, strong passwords, and minimal exposure remain the best defenses against these fast-evolving router threats.
Interesting Article : Oracle Zero-Day (CVE-2025-61757) Under Active Exploitation, CISA Issues Alert
Pingback: Microsoft Strengthens Entra ID Login Security with 2026 CSP Rules