CVE-2025-12003

Summary

A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.

Affected Software

VendorProductVersion RangeStatus
ASUSRouter3.0.0.4_386affected
ASUSRouter3.0.0.4_388affected
ASUSRouter3.0.0.6_102affected

Weaknesses

  • CWE-306: CWE-306: Missing Authentication for Critical Function
  • CWE-22: CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References