- ASUS patches CVE-2025-593656, a crucial authentication-bypass flaw in AiCloud-enabled routers
- Vulnerability permits unauthenticated RCE; customers urged to replace firmware or disable dangerous companies
- Replace fastened 9 flaws general, highlighting routers as prime cyberattack targets
Asus has patched a critical-level vulnerability in its router firmware which might be utilized in distant code execution (RCE) assaults. Given the potential threat, customers are suggested to use the repair instantly.
In a safety advisory revealed, Asus stated it fastened CVE-2025-593656, a crucial authentication-bypass vulnerability impacting the AiCloud remote-access/cloud function discovered on sure routers.
The problem stems from its interaction with the Samba file-sharing code which was broken and allowed unauthenticated attackers to run OS commands without valid credentials.
Qilin takes the blame
The bug was given a severity score of 9.2/10 (critical), and affects these firmware versions:
3.0.0.4_386
3.0.0.4_388
3.0.0.6_102
It is difficult to determine an exact list of affected models, but in general – any Asus router that includes and enables AiCloud, while running the affected firmware versions, is potentially vulnerable. This also includes routers that reached end-of-life status.
Users should apply the fix as soon as possible or, alternatively, disable AiCloud, Samba/file-sharing, remote WAN access, port-forwarding, and any other internet-facing services. Updating the admin password and the WiFi password to something stronger is also advised,
While definitely the most dangerous one, this is not the only flaw Asus addressed in this security update. According to the advisory, a total of 9 vulnerabilities were addressed this time, with the majority having a medium, or high-severity rating.
Being the gateway to all data passing through a network, the router is the primary target in many cyberattacks. Asus is one of the world’s most popular hardware manufacturers whose devices are often abused, which is why patching is considered essential. In April this year, the company fixed a separate, critical authentication bypass flaw that also affected routers with AiCloud enabled.
Furthermore, recent reports said that cybercriminals engaged in the WrtHug attacks also abused vulnerabilities found in ASUS routers.
Via BleepingComputer
One of the best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our skilled information, evaluations, and opinion in your feeds. Be certain that to click on the Comply with button!
And naturally you may also follow TechRadar on TikTok for information, evaluations, unboxings in video kind, and get common updates from us on WhatsApp too.
