Today's cybersecurity headlines are brought to you by ThreatPerspective

AiCloud Vulnerability Exposed: The Critical ASUS Firmware Patch

A critical vulnerability has been discovered in ASUS routers with AiCloud enabled, allowing attackers to bypass authentication and gain unauthorized access to sensitive data. The vulnerability, tracked as CVE-2025-59366, has a CVSS score of 9.2, indicating its high severity. ASUS has released new firmware to address the issue, recommending that all customers update their router firmware to the latest version immediately. Users are advised to take proactive steps to secure their devices and protect against potential exploitation.

Pierluigi Paganini, a renowned cybersecurity expert, recently reported on a critical vulnerability in the AiCloud feature of ASUS routers. This vulnerability, tracked as CVE-2025-59366, has been assigned a CVSS score of 9.2, indicating its high severity and potential impact.

ASUS has released new firmware to address multiple vulnerabilities, including this critical authentication bypass flaw in routers with AiCloud enabled. The company has issued an advisory warning users about the vulnerability and recommending that all customers update their router firmware to the latest version immediately.

AiCloud is a remote access feature built into many ASUS routers, allowing devices to function as personal cloud servers for remote media streaming and cloud storage. The critical authentication bypass vulnerability in AiCloud can be triggered by an unintended side effect of the Samba functionality, potentially leading to the execution of specific functions without proper authorization.

The company has provided mitigations for customers using end-of-life models, including the usage of strong, unique passwords for both router login and WiFi. Additionally, ASUS recommends disabling all internet-facing services, such as AiCloud, WAN remote access, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP, to reduce exposure and improve security.

Recently, a new campaign called Operation WrtHug has compromised tens of thousands of outdated or end-of-life ASUS routers worldwide, mainly in Taiwan, the U.S., and Russia, pulling them into a large malicious network. Threat actors exploited multiple ASUS router vulnerabilities, including OS command injection (CVE-2023-41345 to CVE-2023-41348), arbitrary command execution (CVE-2024-12912), and improper authentication (CVE-2025-2492), targeting the AiCloud service for initial access.

The recent discovery of this critical vulnerability in AiCloud highlights the importance of regular firmware updates and secure configuration practices. ASUS's proactive response to this issue demonstrates its commitment to addressing security concerns and protecting its customers' devices.

Furthermore, the incident serves as a reminder that IoT devices, such as routers, can be vulnerable to exploitation due to various factors, including outdated software, weak passwords, and inadequate security measures. As the number of connected devices continues to grow, it is essential for manufacturers and users alike to prioritize security and take proactive steps to prevent vulnerabilities like this from being exploited.

In conclusion, the critical AiCloud vulnerability exposed by ASUS highlights the importance of regular firmware updates and secure configuration practices. The company's response demonstrates its commitment to addressing security concerns and protecting its customers' devices. Users are advised to update their router firmware to the latest version and take steps to reduce exposure and improve security.