cbcvebase.
CVE-2025-59367
published 2025-11-13

CVE-2025-59367: An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the…

PriorityP272critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.81%
52.4th percentile
An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information.

Affected

6 ranges
VendorProductVersion rangeFixed in
asusdsl-ac51
asusdsl-ac51_firmware< 1.1.2.3_10101.1.2.3_1010
asusdsl-ac750
asusdsl-ac750_firmware< 1.1.2.3_10101.1.2.3_1010
asusdsl-n16
asusdsl-n16_firmware< 1.1.2.3_10101.1.2.3_1010

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2025-59367 is an authentication bypass requiring no user interaction and no privileges — detect unauthenticated login attempts against ASUS DSL-series router admin interfaces exposed on WAN
  • Affected models for CVE-2025-59367 are DSL-AC51, DSL-N16, and DSL-AC750 — scope detection and asset inventory to these specific ASUS DSL router models
  • In the broader WrtHug campaign context, watch for replacement of the default ASUS-generated self-signed TLS certificate on router services with a new self-signed certificate having a 100-year lifetime — a key IOC for compromise
  • ·Patched firmware version is 1.1.2.3_1010 — devices not yet on this version for DSL-AC51, DSL-N16, and DSL-AC750 remain vulnerable to CVE-2025-59367
  • ·If patching is not immediately possible, ASUS advises disabling all WAN-facing services as a mitigation — remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP should all be disabled
  • ·End-of-life devices that will not receive the firmware update have no vendor-supported patch path; disabling internet-facing services or replacing the device is the only mitigation

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.