ASUS Patches Critical AiCloud Flaw (CVE-2025-59366) Allowing Remote Router Takeover
ASUS continues to patch dangerous flaws in its home routers following a wave of attacks targeting the AiCloud service. The company has released a new firmware version addressing nine vulnerabilities, including a critical authentication bypass affecting devices with remote access to local storage enabled.
AiCloud turns a home router into a compact cloud server, letting users reach files on attached storage over the internet and stream media remotely. According to the Taiwanese manufacturer, the most severe flaw, CVE-2025-59366, stems from a side effect of Samba's behaviour and allows certain functions to be executed without permission checks. In the scenario ASUS describes, an attacker chains path traversal with command injection; the attack is low complexity and requires neither credentials nor user interaction, but it is only reachable on routers with AiCloud's remote access to local storage switched on.
The same release also addresses CVE-2025-59365, CVE-2025-59368, CVE-2025-59369, CVE-2025-59370, CVE-2025-59371, CVE-2025-59372 and CVE-2025-12003. Fixes are integrated into firmware branches 3.0.0.4_386, 3.0.0.4_388 and 3.0.0.6_102. ASUS does not list affected models, only firmware versions, so owners should compare the version string shown in the router's web interface against those branches. The company strongly urges users to install the updated firmware through the router's built-in management interface to close off unauthorized access to AiCloud.
For devices that have reached end of support and no longer receive updates, ASUS offers a workaround. Owners of such routers are advised to disable every service reachable from the WAN side: remote administration, port forwarding, DDNS, VPN servers, DMZ and FTP, and to turn off AiCloud's remote access. Beyond shrinking the attack surface this way, ASUS also recommends strong, unique passwords for both the administration panel and the wireless networks.
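Disabling those services in the web interface is only half the job; the check a practitioner wants is confirmation, from outside the LAN, that nothing on the router's WAN address still answers. The script below is an added example written for this article, not ASUS tooling. The port-to-service map is an assumption (these are the TCP ports such services commonly occupy on consumer routers; the real numbers depend on firmware and configuration), and the local listener in `self_check()` is a constructed stand-in for an exposed service so the script can prove itself offline.

```python
import socket
import threading
from contextlib import closing

# Added example for this article, not ASUS tooling. The port-to-service map is an
# assumption: these are TCP ports the listed services commonly occupy on a
# consumer router, but the real numbers depend on firmware and configuration.
WAN_SERVICE_PORTS = {
    21: "FTP",
    22: "SSH remote admin",
    23: "Telnet remote admin",
    80: "HTTP remote admin",
    443: "HTTPS remote admin / AiCloud",
    1194: "OpenVPN server (TCP)",
    1723: "PPTP VPN server",
    8080: "HTTP remote admin (alt)",
    8082: "AiCloud (HTTP)",
    8443: "HTTPS remote admin (alt)",
}


def tcp_port_open(host, port, timeout=2.0):
    """True if a TCP connect to host:port completes within timeout."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:          # refused, timed out or unreachable
            return False
        return True


def scan_wan_exposure(host, ports=None, timeout=2.0):
    """Probe each port; returns {port: (service label, is_open)}."""
    ports = WAN_SERVICE_PORTS if ports is None else ports
    return {p: (label, tcp_port_open(host, p, timeout)) for p, label in ports.items()}


def exposed(results):
    """Sorted (port, label) pairs that answered; an empty list means the workaround held."""
    return sorted((p, label) for p, (label, is_open) in results.items() if is_open)


def _local_listener():
    """Constructed listener on 127.0.0.1 standing in for an exposed router service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:      # any error: stop serving (thread is a daemon)
                return

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def self_check():
    """Offline sanity check: one constructed open port, one closed port."""
    srv, open_port = _local_listener()
    with closing(socket.socket()) as s:   # take a second free port, then release it
        s.bind(("127.0.0.1", 0))
        closed_port = s.getsockname()[1]
    try:
        results = scan_wan_exposure(
            "127.0.0.1", {open_port: "demo-open", closed_port: "demo-closed"}, timeout=1.0)
    finally:
        srv.close()
    return exposed(results) == [(open_port, "demo-open")]


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = scan_wan_exposure(target)
    for port, (label, is_open) in sorted(results.items()):
        print(f"{port:5d}  {label:32s} {'OPEN' if is_open else 'closed'}")
    print("still exposed:", exposed(results) or "none")
```

Run it from a host that is not behind the router (a phone on mobile data with a terminal app, a VPS, or a friend's connection) against the router's public IP or DDNS name; run from inside the LAN it only tells you what the router exposes to its own clients. An empty "still exposed" result is the state the ASUS workaround is meant to produce; a port that answers after you believe you disabled the service usually means a forwarding rule, DMZ entry or a second listener you missed.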
This latest wave of fixes also ties back to events earlier in the year. In April, ASUS patched another critical authentication bypass in AiCloud, CVE-2025-2492. Together with several other vulnerabilities, it was leveraged during Operation WrtHug, a campaign that compromised tens of thousands of ASUS WRT routers. The attacks primarily targeted outdated or long-unpatched devices across Taiwan, Southeast Asia, Russia, Central Europe, and the United States.
According to SecurityScorecard, the compromised routers are repurposed as operational relay boxes (ORBs) in support of Chinese threat groups, used to mask command-and-control infrastructure and obscure attack traffic. A significant portion of these devices was running AiCloud, making it one of the principal entry points for the intrusions.
The ASUS case underscores a broader lesson: the security of home routers depends directly on timely firmware updates and the avoidance of unnecessary remote-access features — particularly on older models that no longer receive patches.