CVE-2025-59370

CWE-78OS Command Injection3 documents3 sources
Severity
7.5HIGH
EPSS
0.6%
top 31.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Router
Timeline
PublishedNov 25

Description

A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5asus/router3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102+2

🔴Vulnerability Details

2
CVEList
CVE-2025-59370: A command injection vulnerability has been identified in bwdpi2025-11-25
GHSA
GHSA-4fgj-hr8q-rhjw: A command injection vulnerability has been identified in bwdpi2025-11-25
CVE-2025-59370 (HIGH CVSS 7.5) | A command injection vulnerability h | cvebase.io