CVE-2025-59366

Summary

An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization.

Refer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more information.

Affected Software

VendorProductVersion RangeStatus
ASUSRouter3.0.0.4_386affected
ASUSRouter3.0.0.4_388affected
ASUSRouter3.0.0.6_102affected

Weaknesses

  • CWE-22: CWE-22: Path Traversal
  • CWE-78: CWE-78: OS Command Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References