- ASUS patches CVE-2025-593656, a critical authentication bypass flaw on AiCloud-enabled routers
- The vulnerability allows unauthenticated RCE; Users are urged to update firmware or disable risky services.
- The update fixed nine flaws overall, highlighting routers as prime targets for cyberattacks.
Asus has patched a critical-level vulnerability in its router firmware that could be used in remote code execution (RCE) attacks. Given the potential risk, users are advised to apply the solution immediately.
In a published security advisory, Asus said it fixed CVE-2025-593656, a critical authentication bypass vulnerability affecting the AiCloud cloud/remote access feature found on certain routers.
The issue arises from its interaction with the Samba file-sharing code, which was broken and allowed unauthenticated attackers to execute operating system commands without valid credentials.
Qilin takes the blame
The bug received a severity score of 9.2/10 (critical) and affects these firmware versions:
3.0.0.4_386
3.0.0.4_388
3.0.0.6_102
An exact list of affected models is difficult to determine, but in general, any Asus router that includes and enables AiCloud, while running the affected firmware versions, is potentially vulnerable. This also includes routers that have reached end-of-life status.
Users should apply the fix as soon as possible or alternatively disable AiCloud, Samba/file sharing, remote WAN access, port forwarding and any other internet services. It is also recommended to update the administrator password and WiFi password to something more secure.
While it’s definitely the most dangerous, this isn’t the only flaw Asus addressed in this security update. According to the advisory, a total of 9 vulnerabilities were addressed this time, with most having a medium or high severity rating.
As the gateway to all data passing through a network, the router is the primary target of many cyberattacks. Asus is one of the most popular hardware manufacturers in the world and their devices are often abused, so patching is considered essential. In April this year, the company fixed a critical authentication bypass flaw that also affected routers with AiCloud enabled.
Additionally, recent reports claim that cybercriminals involved in the WrtHug attacks also abused vulnerabilities found in ASUS routers.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
