Advisory

Critical authentication bypass flaw in ASUS DSL series routers enables remote takeover

Take action: First make sure all management interfaces of any router are not exposed to the internet. Then, if you have ASUS DSL-AC51, DSL-N16, or DSL-AC750 routers, update to firmware version 1.1.2.3_1010 to fix the critical flaw that lets attackers take full control. If your model is end-of-life and can't be patched, make sure all internet-facing services are disabled and seriously consider replacing the router.


Learn More

ASUS has patched a critical security vulnerability in its DSL series routers that allows remote, unauthenticated attackers to gain complete administrative access to vulnerable devices.

The vulnerability, tracked as CVE-2025-59367 (CVSS score 9.3), is an authentication bypass flaw, but ASUS has not disclosed further details of the exploit. According to the advisory, unauthenticated remote attackers can exploit this flaw to modify router configurations, intercept network traffic, establish persistent backdoors, and use compromised routers as pivot points to attack internal networks.

The following ASUS DSL router models are affected by this vulnerability:

  • DSL-AC51 - Dual-band wireless AC750 DSL modem router
  • DSL-N16 - Wireless-N300 ADSL/VDSL modem router
  • DSL-AC750 - Dual-band wireless AC750 DSL modem router

ASUS has released firmware version 1.1.2.3_1010 to patch CVE-2025-59367 for all affected models. Users can download and install the patched firmware from the ASUS support page or directly from their product pages on the ASUS Networking website. 

For end-of-life models that will not receive firmware updates, ASUS recommends disabling all services accessible from the internet, including remote access from WAN, port forwarding rules, Dynamic DNS services, VPN server functionality, DMZ configurations, port triggering, and FTP services. These mitigation measures reduce risk but do not eliminate the vulnerability. ASUS strongly recommends that users with end-of-life devices upgrade to supported hardware.
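To turn the guidance above into a fleet check, the following added example (not from ASUS or the original advisory) triages a router inventory against the affected models and the fixed firmware version. The CSV layout, hostnames, status labels, the operator-supplied `eol` column and the numeric ordering of ASUS version strings are assumptions.

```python
import csv, io, re

AFFECTED = {"DSL-AC51", "DSL-N16", "DSL-AC750"}   # models named in the advisory
FIXED = "1.1.2.3_1010"                            # fixed firmware per the advisory

def parse_version(text):
    """'1.1.2.3_1010' -> ((1, 1, 2, 3), 1010); None if unparseable.
    Assumption: dotted fields, then the build after '_', order numerically."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)(?:_(\d+))?", text.strip())
    if not m:
        return None
    return tuple(map(int, m.group(1).split("."))), int(m.group(2) or 0)

def classify(model, firmware, eol=False):
    model = model.strip().upper()
    if eol:
        # Advisory guidance for unpatchable devices: disable WAN-facing services, replace.
        return "eol-mitigate-and-replace"
    if model not in AFFECTED:
        return "not-listed"
    version = parse_version(firmware)
    if version is None:
        return "check-manually"          # never assume an unreadable version is safe
    return "patched" if version >= parse_version(FIXED) else "update-required"

# Constructed inventory; hostnames, versions and the EOL model name are made up.
SAMPLE = """host,model,firmware,eol
gw-branch1,DSL-AC51,1.1.2.3_1010,no
gw-branch2,dsl-n16,1.1.2.3_999,no
gw-branch3,DSL-AC750,1.1.2.2_1200,no
gw-branch4,DSL-AC51,unknown,no
gw-lab,EXAMPLE-EOL-MODEL,1.0.0.1_100,yes
gw-hq,OTHER-VENDOR-X,9.9,no
"""

def triage(csv_text):
    """Return {host: status} for every row of the inventory CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["model"], r["firmware"], r["eol"].strip().lower() == "yes")
            for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {status}")
```

A `not-listed` result only means the model is not one of the three named in this advisory; it says nothing about other flaws.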
