Critical ASUS Router Flaw Allows Remote Execution of Malicious Code

ASUS has released urgent firmware updates to address a critical security flaw (CVE-2025-2492) affecting its popular routers with AiCloud enabled, warning users to update immediately to prevent remote exploitation.

Nature of the Vulnerability

The flaw, designated CVE-2025-2492 and assigned a CVSS v4 score of 9.2 (Critical), is an improper authentication control vulnerability in multiple ASUS router firmware series that support AiCloud, the company’s proprietary cloud-based remote access feature.

AiCloud allows users to access files on USB drives connected to their routers from anywhere, stream media, and sync files across networks and cloud services.

A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the affected router.

Due to the improper authentication check, the router may process the request without verifying the sender’s credentials, enabling unauthorized execution of functions on the device.

This means an attacker could gain control over the router, access sensitive files, or use the device as a launchpad for further attacks.

Technical Details

• Vulnerability Code: CVE-2025-2492
• Attack Vector: Remote (over the internet)
• Attack Complexity: Low (no authentication required)
• Impacted Feature: AiCloud (cloud-based file and device management)
• Firmware Branches Affected: 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102

ASUS Response and Mitigation

ASUS has released patched firmware for all affected models and strongly urges users to upgrade immediately. The company’s security advisory states:

Recommended Actions:

• Update Firmware: Download and install the latest firmware from the ASUS support portal or the product’s support page.
• Password Hygiene: Use strong, unique passwords (minimum 10 characters, including uppercase, lowercase, numbers, and symbols) for both the Wi-Fi network and router admin page. Avoid reusing passwords or using simple sequences like ‘1234567890’ or ‘qwertyuiop’.
• Disable AiCloud: If immediate updating is not possible or the device is end-of-life (EOL), disable AiCloud and all internet-accessible services (WAN remote access, port forwarding, DDNS, VPN server, DMZ, port triggering, FTP).
• Audit Security Settings: Regularly review device security settings and disable unused services.

Potential Impact and Exploitation

While there are currently no public reports of active exploitation or proof-of-concept code in the wild, vulnerabilities of this class are frequently targeted by attackers for malware distribution, data theft, or to conscript devices into botnets for distributed denial-of-service (DDoS) attacks.

ASUS’s Security Commitment

This incident comes as ASUS continues to strengthen its security practices, having been recognized as a CVE Numbering Authority (CNA) in 2024, allowing it to assign CVE identifiers and publish vulnerability records for its products.

The company emphasizes responsible disclosure and rapid response to security issues, maintaining a dedicated security advisory portal and encouraging customers to report vulnerabilities responsibly.

With the critical nature of CVE-2025-2492, ASUS router users—especially those utilizing AiCloud—must act swiftly to patch their devices.

Failure to do so could expose home and business networks to severe risks, including unauthorized access, data breaches, and network compromise.

For ongoing protection, users should maintain up-to-date firmware, practice strong password management, and disable unnecessary remote features.

For more information and step-by-step update instructions, visit the official ASUS Product Security Advisory page.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates