CVE-2025-59374

Critical KEV CVSS: 9.3

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.

Vendor

Asus

Product

Live Update

CWE

CWE-506

Yayın Tarihi

2025-12-17 05:16:13

Güncelleme

2025-12-18 15:42:03

Source Identifier

54bf65a7-a193-42d2-b1ba-8e150d3c35e1

KEV Date Added

2025-12-17

Kategoriler

CWE-506 Live Update CRITICAL Asus 2025

Referanslar

https://www.asus.com/news/hqfgvuyz6uyayje1/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59374

Benzer Kayıtlar

High

CVE-2025-15101

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS ro…

High

CVE-2025-12793

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the ap…

Critical

CVE-2025-59367

An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to…