ASUS has recently released crucial new firmware designed to patch a total of nine security vulnerabilities discovered in its widely used routers. The most significant of these flaws is a critical authentication bypass vulnerability, identified as CVE-2025-59366, which specifically impacts routers where the AiCloud feature is active. AiCloud is an integrated, cloud-based remote access service available on many ASUS routers, effectively transforming them into private cloud servers capable of remote media streaming and storage. This vulnerability, as described by the Taiwanese electronics manufacturer, stems from an “unintended side effect of the Samba functionality,” which could potentially permit the execution of specific router functions without the necessary user authorization. Unprivileged remote attackers can exploit this weakness through a low-complexity attack chain involving path traversal and an OS command injection, notably requiring no user interaction to be successful.
Given the severity of this unauthenticated remote access flaw, the company has issued an urgent public warning. In a recent advisory, ASUS stated, “To protect your devices, ASUS strongly recommends that all users update their router firmware to the latest version immediately,” further adding, “We encourage you to do this when new firmware becomes available.” While the advisory did not specify the exact router models affected, it did list the specific firmware versions that contain the necessary patch. For users who own end-of-life router models that will not be receiving any further firmware updates, the company has provided essential mitigation measures to help secure their networks against potential compromise, even without the patch.
To preemptively block attacks like the one targeting CVE-2025-59366, users are strongly advised to disable all services that are accessible from the Internet. This critical list of services includes remote access from WAN, port forwarding, DDNS, VPN server functionality, DMZ, port triggering, and FTP. Furthermore, the company specifically recommended cutting off all remote access to any device currently running the AiCloud software, which is the primary vector for exploitation of the newly discovered vulnerability. These actions effectively reduce the exposed attack surface of the router, denying remote attackers an easy initial point of entry into the device and the connected network.
In addition to disabling exposed services, ASUS has also provided a set of general security best practices to further strengthen the router’s defenses against future and potential attacks. These supplementary measures include adopting and strictly enforcing the use of strong, complex passwords for both the router’s administration page and all wireless network connections. This proactive approach to password hygiene creates a robust initial barrier to unauthorized access, protecting the device even if an external vulnerability were to be found. Implementing these simple yet crucial steps can significantly enhance the long-term security posture of the device.
This latest patch follows a previous incident in April where ASUS addressed a different, but similarly critical, authentication bypass flaw identified as CVE-2025-2492, which was also triggered by a specially crafted request aimed at routers with AiCloud enabled. This earlier vulnerability, along with six other security issues, was actively exploited in a widespread global campaign known as Operation WrtHug. This campaign successfully hijacked thousands of ASUS WRT routers, specifically targeting outdated or end-of-life devices across regions including Southeast Asia, Russia, Central Europe, the United States, and Taiwan. SecurityScorecard researchers who monitored the campaign have expressed the belief that the compromised routers are likely being leveraged as operational relay boxes (ORB) by Chinese hacking groups, serving as stealthy relay nodes to proxy and conceal their command-and-control infrastructure.