What security vulnerabilities has ASUS recently patched?

ASUS has released security updates for vulnerabilities in the ASUS System Control Interface Service and multiple critical vulnerabilities in ASUS Router firmware. The updates address one local privilege escalation issue (CVE-2025-59373) affecting MyASUS application and eight router firmware vulnerabilities ranging from critical to medium severity, including unauthenticated remote code execution flaws.

What is CVE-2025-59373 and how serious is it?

CVE-2025-59373 is a local privilege escalation vulnerability with a CVSS score of 8.5 affecting the ASUS System Control Interface Service in the MyASUS application. This vulnerability affects all personal computers running vulnerable versions of the System Control Interface Service. ASUS has patched this in MyASUS version 3.1.48.0 (x64) for Intel systems and version 4.2.48.0 (ARM) for ARM-based devices.

What are the most critical ASUS Router vulnerabilities?

The most critical router vulnerabilities include CVE-2025-59366 with a CVSS score of 9.2, which allows unauthenticated remote code execution, and CVE-2025-12003 with a score of 8.2, which enables high severity integrity compromise without authentication. Additionally, CVE-2025-59370 and CVE-2025-59371 both have scores of 7.5 and allow complete system compromise with high-level privileges.

What should users with End-of-Life ASUS routers do?

For End-of-Life router models that no longer receive firmware updates, ASUS advises ensuring strong and unique passwords for both router login and WiFi access. Users should also disable internet-accessible services including AiCloud, remote WAN access, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP to minimize security risks.

Advisory

ASUS reports vulnerabilities in MyASUS application and router firmware

Q: How can I update my MyASUS application?

Users can verify their current MyASUS version by navigating to MyASUS → Settings → About. The security update can be obtained either through Windows Update or by downloading the updated package directly from the ASUS Support site at https://www.asus.com/support/. The patched versions are 3.1.48.0 (x64) for Intel-based systems and 4.2.48.0 (ARM) for ARM-based devices.

published: Nov. 26, 2025

Take action: For ASUS routers, update firmware and for end-of-life models that can't be updated, disable all internet-accessible services (AiCloud, remote WAN access, port forwarding, DDNS, VPN server, DMZ, FTP) and use strong unique passwords. For MyASUS software, update to the latest patched version (3.1.48.0 for x64 or 4.2.48.0 for ARM) through Windows Update or download directly from the ASUS support site.

Learn More

ASUS has issued security updates for multiple vulnerabilities in ASUS System Control Interface Service and several critical vulnerabilities in ASUS Router firmware.

Vulnerabilities summary:

CVE-2025-59373 (CVSS score 8.5), for The ASUS System Control Interface Service is a local privilege escalation issue in MyASUS application. This vulnerability affects all personal computers running the vulnerable versions of the System Control Interface Service.

The ASUS Router security vulnerabilities.

CVE-2025-59366 (CVSS score 9.2) - Critical severity vulnerability allowing unauthenticated remote code execution
CVE-2025-12003 (CVSS score 8.2) - High severity integrity compromise vulnerability requiring no authentication
CVE-2025-59370 (CVSS score 7.5) - High severity vulnerability allowing complete system compromise with high-level privileges
CVE-2025-59371 (CVSS score 7.5) - High severity vulnerability allowing complete system compromise with high-level privileges
CVE-2025-59365 (CVSS score 6.9) - Medium severity denial of service vulnerability requiring high-level privileges
CVE-2025-59372 (CVSS score 6.9) - Medium severity integrity violation vulnerability requiring high-level privileges
CVE-2025-59368 (CVSS score 6.0) - Medium severity denial of service vulnerability requiring low-level privileges
CVE-2025-59369 (CVSS score 5.9) - Medium severity information disclosure vulnerability requiring high-level privileges

ASUS has patched the MyASYS vulnerability in version 3.1.48.0 (x64) for Intel based systems and version 4.2.48.0 (ARM) for ARM based devices. Users can verify their current version by navigating to MyASUS → Settings → About, and can obtain the security update either through Windows Update or by downloading the updated package directly from the ASUS Support site at https://www.asus.com/support/.

The ASUS Router flaws affect firmware series include 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102 series, and several End-of-Live models. For most flaws, patches were released in the firmware dated October 2025. The company strongly recommends that all users update their router firmware immediately to the latest version available for their specific model. For users with End-of-Life (EOL) models that are no longer supported with new firmware updates, ASUS advises ensuring strong and unique passwords for both router login and WiFi access, and disabling internet-accessible services such as AiCloud, remote WAN access, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.

ASUS reports vulnerabilities in MyASUS application and router firmware