CVE-2025-2492 โ€” Authentication Bypass Using an Alternate Path or Channel in Router

CWE-288 โ€” Authentication Bypass Using an Alternate Path or Channel4 documents4 sources
Severity
9.2CRITICALNVD
EPSS
0.4%
top 39.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Router
Timeline
PublishedApr 18

Description

An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Affected Packages1 packages

โ–ถCVEListV5asus/router4 versions+3

๐Ÿ”ดVulnerability Details

3
GHSA
GHSA-532h-wp9v-fjxq: An improper authentication control vulnerability exists in AiCloudโ†—2025-04-18
โ–ถ
CVEList
CVE-2025-2492: An improper authentication control vulnerability exists in AiCloudโ†—2025-04-18
โ–ถ
VulnCheck
ASUS asus_firmware Authentication Bypass Using an Alternate Path or Channelโ†—2025
โ–ถ
CVE-2025-2492 โ€” Asus Router vulnerability | cvebase