CVE-2025-59366

Severity: 9.2 CRITICAL
EPSS: 0.2% (top 58.89%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Nov 25
Latest update: Nov 26

Description

An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially allowing execution of specific functions without proper authorization. Refer to the "Security Update for ASUS Router Firmware" section of the ASUS Security Advisory for more information.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (1 package)

CVEListV5: asus/router 3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102 +2

🔴 Vulnerability Details (2)

CVEList: CVE-2025-59366: An authentication-bypass vulnerability exists in AiCloud (2025-11-25)
GHSA: GHSA-5xfw-547q-p6mq: An authentication-bypass vulnerability exists in AiCloud (2025-11-25)

🕵️ Threat Intelligence (1)

Bleepingcomputer: ASUS warns of new critical auth bypass flaw in AiCloud routers (2025-11-26)