- ASUS patches CVE-2025-593656, a critical authentication bypass flaw in AiCloud-compatible routers
- Vulnerability enables unverified RCE; users were urged to update firmware or disable risky services
- The update fixed a total of nine flaws, highlighting routers as prime targets for cyber attacks
Asus has patched a critical level vulnerability in the router firmware that could be used in Remote Code Execution (RCE) attacks. Given the potential risk, users are advised to apply the solution immediately.
In a published security advisory, Asus says it has fixed CVE-2025-593656, a critical authentication bypass vulnerability that affects the AiCloud remote access/cloud feature found on certain routers.
The issue stems from the interaction with the Samba file sharing code, which was broken and allowed unauthenticated attackers to execute OS commands without valid credentials.
Qilin takes the blame
The bug received a severity rating of 9.2/10 (critical) and affects these firmware versions:
3.0.0.4_386
3.0.0.4_388
3.0.0.6_102
It is difficult to determine an exact list of affected models, but in general any Asus router that includes and enables AiCloud while running the affected firmware versions is potentially vulnerable. This also applies to routers that have reached end-of-life status.
Users should apply the fix as soon as possible or alternatively disable AiCloud, Samba/file sharing, remote WAN access, port forwarding, and other Internet-facing services. It is also advised to update the administrator password and WiFi password to something stronger.
While this is certainly the most dangerous, it is not the only flaw that Asus addresses in this security update. According to the advisory, a total of nine vulnerabilities have been addressed this time, with the majority having a medium or high severity rating.
Because the router is the gateway to all data passing through a network, it is the prime target in many cyber attacks. Asus is one of the world’s most popular hardware manufacturers whose devices are often misused. Therefore, patching is considered essential. In April this year, the company fixed a separate, critical authentication bypass flaw that also affected routers with AiCloud enabled.
Furthermore, recent reports indicate that cybercriminals involved in the WrtHug attacks also exploited vulnerabilities in ASUS routers.
Via BleepingComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as a preferred source to get our expert news, reviews and opinions in your feeds. Then be sure to click the Follow button!
And of course that is also possible Follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us WhatsApp at.
#Asus #warns #security #vulnerability #affecting #AiCloud #routers