November 26, 2025 By Sergiu Gatlan
ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled.
AiCloud is a cloud-based remote access feature that comes with many ASUS routers, turning them into private cloud servers for remote media streaming and cloud storage.
As the Taiwanese electronics manufacturer explained, the CVE-2025-59366 vulnerability "can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization."
Remote attackers without privileges can exploit it by chaining a path traversal and an OS command injection weakness in low-complexity attacks that don't require user interaction.
"To protect your devices, ASUS strongly recommends that all users update their router firmware to the latest version immediately," the company said in a Monday advisory.
"Update your router with the newest firmware. We encourage you to do this when new firmware becomes available."
| Firmware | CVE |
| 3.0.0.4_386 series | CVE-2025-59365 CVE-2025-59366 CVE-2025-59368 CVE-2025-59369 CVE-2025-59370 CVE-2025-59371 CVE-2025-59372 CVE-2025-12003 |
| 3.0.0.4_388 series | |
| 3.0.0.6_102 series |
While ASUS didn't specify which router models are affected and only mentioned which firmware versions address the vulnerability, it provided mitigation measures for users with end-of-life models that will not receive firmware updates.
