ASUS CVE-2025-59366 Alert: Critical Auth Bypass in AiCloud Routers — What You Need to Do Now

ASUS has issued a firmware update to patch nine vulnerabilities, including a critical authentication bypass flaw (CVE-2025-59366) affecting routers with AiCloud enabled. This flaw allows remote attackers to execute privileged functions without authorization by chaining path traversal and OS command injection — all without user interaction.

What’s vulnerable and why it matters

  • AiCloud turns ASUS routers into personal cloud servers for remote access and media streaming.
  • CVE-2025-59366 is triggered by a Samba-related side effect, allowing attackers to bypass authentication and execute commands.
  • The flaw affects multiple firmware series:
    • 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102
  • ASUS has not listed specific router models, but any device running AiCloud with these firmware versions is potentially exposed.

Immediate actions for all users

  1. Update firmware immediately
    • Visit ASUS’s support site and install the latest firmware for your router model.
    • Confirm that the update includes patches for CVE-2025-59366 and related vulnerabilities.
  2. If your router is end-of-life (EoL) and cannot be patched
    • Disable all internet-facing services:
      • Remote access from WAN
      • Port forwarding
      • DDNS
      • VPN server
      • DMZ
      • Port triggering
      • FTP
    • Cut off AiCloud access from the internet entirely.
    • Use strong passwords for both router admin and Wi-Fi networks.

For enterprise and security teams

  • Audit router fleets for AiCloud-enabled ASUS devices, especially in branch offices or remote setups.
  • Segment and isolate vulnerable routers from critical infrastructure.
  • Monitor for signs of compromise: unexpected traffic, config changes, or new admin accounts.
  • Replace EoL routers with supported models that receive regular security updates.
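
The fleet audit described above can start as a simple triage pass over an inventory export. The sketch below is an added example, not ASUS tooling or code from the original article: the CSV column names and the sample rows are constructed, and because the article lists only affected firmware series (not fixed build numbers), a match means "update and confirm against the ASUS advisory", not "confirmed vulnerable".

```python
import csv, io, re

# Firmware series named in the article.
AFFECTED_SERIES = {"3.0.0.4_386", "3.0.0.4_388", "3.0.0.6_102"}
# Internet-facing services the article says to disable on EoL routers.
WAN_SERVICES = ["wan_admin", "port_forward", "ddns", "vpn_server",
                "dmz", "port_trigger", "ftp", "aicloud"]

# Constructed inventory; column names are assumptions, not an ASUS export format.
SAMPLE_INVENTORY = """\
host,firmware,eol,aicloud,ddns,ftp,vpn_server,wan_admin,port_forward,dmz,port_trigger
branch-01,3.0.0.4.388_24353,no,yes,yes,no,no,no,no,no,no
branch-02,3.0.0.4.386.51997,yes,yes,no,yes,no,yes,no,no,no
home-03,3.0.0.6.102_34791,no,no,no,no,no,no,no,no,no
lab-04,9.0.0.4_382_1234,no,yes,no,no,no,no,no,no,no
"""

def firmware_series(version):
    """Reduce '3.0.0.4.388_24353' or '3.0.0.4.386.51997' to the '3.0.0.4_388' series form."""
    parts = [p for p in re.split(r"[._]", version.strip()) if p]
    if len(parts) < 5 or not all(p.isdigit() for p in parts[:5]):
        return None  # unparseable string: needs a manual look
    return ".".join(parts[:4]) + "_" + parts[4]

def triage(row):
    """Return (action, details) for one inventory row."""
    series = firmware_series(row["firmware"])
    on = lambda key: row.get(key, "").strip().lower() == "yes"
    if series is None:
        return ("review", ["unparseable firmware string"])
    if series not in AFFECTED_SERIES:
        return ("not-listed", [])
    if on("eol"):
        # No patch available: list every WAN-facing service still enabled.
        return ("eol-disable-services", [s for s in WAN_SERVICES if on(s)])
    if on("aicloud"):
        return ("update-and-verify", ["aicloud"])
    return ("update", [])

def audit(text):
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for host, (action, detail) in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {action:22} {', '.join(detail)}")
```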

Context: Why this threat is serious

  • CVE-2025-59366 follows a similar flaw (CVE-2025-2492) patched in April, which was exploited in Operation WrtHug — a global campaign that hijacked thousands of ASUS WRT routers.
  • Hijacked routers were used as Operational Relay Boxes (ORBs) in suspected Chinese cyber operations, acting as stealth proxies for command-and-control infrastructure.
  • Attackers target outdated or unpatched routers to build resilient, low-visibility networks for espionage, malware delivery, and data exfiltration.

Final thought

If you’re running AiCloud on an ASUS router, this is a critical moment to act. Patch now, disable internet-facing services if you can’t, and consider replacing unsupported hardware. The attack surface for home and small office routers is growing — and attackers are exploiting it to build global infrastructure.
