Recently, the Cybersecurity and Infrastructure Security Agency (CISA) added (along with two others) a vulnerability in ASUS Live Update to its catalog of Known Exploited Vulnerabilities (KEV).

The KEV catalog lists vulnerabilities that are known to be exploited in the wild and sets patch deadlines for Federal Civilian Executive Branch (FCEB) agencies. When CISA adds an issue to this list, it’s a strong signal that exploitation is real, ongoing, and urgent.

The ASUS Live Update Embedded Malicious Code vulnerability, tracked as CVE-2025-59374 (with a CVSS score of 9.3), affects Live Update, a utility commonly used to deliver firmware and software updates to ASUS devices.

This isn’t the first time ASUS Live Update has been linked to serious security incidents. In 2019, ASUS responded to media reports about attacks on the Live Update tool by advanced persistent threat (APT) groups, stating that:

“A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group.”

Later investigations revealed that a sophisticated supply chain attack mounted in 2018, attributed to Chinese state-sponsored attackers, had inserted a backdoor into ASUS Live Update. The attack was particularly effective because that utility came preinstalled on most ASUS devices and was used to the automatically update BIOS, UEFI, drivers, and other components.

CISA now notes that the affected devices could be abused to perform unintended actions if certain conditions are met. Originally, the attackers reportedly targeted only around 600 specific devices, based on hashed MAC addresses hardcoded in various versions of the tool. This was despite the fact that millions of users may have downloaded the backdoored utility.

Support for the ASUS Live Update application has since been discontinued. The final intended version of ASUS Live Update was 3.6.15, but it will continue to provide software updates. This is likely why a CVE was assigned and why the vulnerability was added to the KEV catalog. There was no official “why now” statement from ASUS, MITRE, or CISA, but the timing aligns with a legacy, end-of-support product being reclassified as a vulnerability with confirmed active exploitation.

What do ASUS users need to do?

First of all, make sure you’re running a clean version of the utility. ASUS urges users to update to version 3.6.8 or later to address known security issues.

• Right-click the ASUS Live Update icon at the bottom-right corner of your Windows screen
• Click About to see the version information as the shown in the picture below.
  
• If you are on an older version, open the program and click Check update immediately
• ASUS Live Update will automatically find the latest driver and utility.
• Click Install
• After updating, recheck and ensure it shows “No updates.”

Alternatively, you can download and install the latest version manually. ASUS’ own support article describes the only official way to get the current Live Update package:​

1. Go to the ASUS Official Website (asus.com)
2. Use the search box to find your exact model (e.g., UX580GD)
3. Open the product page and click Support → Driver & Tools
4. Select your operating system (e.g., Windows 10/11 64-bit).​
5. In the Utilities section, locate ASUS Live Update and click Download

This is as close as we could get you to a “direct” official download. The URL is different for every model and ASUS does not provide a central Live Update installer directory. While this makes it harder than it maybe should be, we do recommend using this official download. Given the history of supply chain abuse involving this tool, downloading it from third-party sources is a risk not worth taking.

---

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

According to the Indian Computer Emergency Response Team (CERT-In), thousands of households, small offices, and service providers across the country may already be at risk due to a newly uncovered authentication bypass flaw tracked as CVE-2025-59367. India’s national cybersecurity agency has issued a security alert after identifying a severe vulnerability in several widely used Asus DSL-series WiFi routers. The warning, published in CERT-In Vulnerability Note CIVN-2025-0322, outlines how remote attackers could infiltrate specific router models without user involvement. The affected devices include the Asus DSL-AC51, DSL-N16, and DSL-AC750, three routers that are common in home and SOHO environments relying on DSL internet connections.  CERT-In states that the flaw enables an attacker to bypass login controls and gain unrestricted access to the router’s administrative interface. Once the router is compromised, the intruder could alter configuration settings, observe or reroute internet traffic, intercept personal or financial information, or even compromise connected devices. The agency describes the risks to confidentiality, integrity, and availability as “critical.” 

CVE-2025-59367 Enables Authentication Bypass and Network Compromise 

In its advisory, CERT-In explains that a "vulnerability has been reported in ASUS DSL series routers that allows a remote attacker to gain unauthorized access into the affected system.” The agency notes that the issue affects the DSL-AC51, DSL-N16, and DSL-AC750 models and warns that successful exploitation could result in unauthorized access, modification of configuration parameters, access to sensitive information transmitted through the router, and compromise of connected systems.  The advisory is targeted at IT and network administrators, SOC analysts, SMB operators, home and SOHO users, and managed service providers or ISPs, highlighting the widespread nature of the vulnerability. CERT-In’s assessment reiterates that the authentication bypass flaw, identified as CVE-2025-59367, poses direct threats to data confidentiality and system integrity.  The report also details the broader context of the Asus DSL series line, explaining that these devices serve as integrated modem-router units for environments dependent on DSL connections. Because these routers often operate as central networking hubs, any breach may expose all devices and data flowing through the network.  The advisory includes a directive: “Apply appropriate security updates as mentioned in: https://www.asus.com/security-advisory.” CERT-In urges users to immediately install the firmware patches that Asus has begun releasing for the affected models. The agency also recommends that users change default passwords, disable remote management functions unless necessary, and review router security settings for any misconfigurations. Monitoring router logs for abnormalities has also been emphasized as a crucial preventive step. 

Conclusion  

Asus rolls out patches for the authentication bypass flaw CVE-2025-59367; CERT-In is urging all users of affected DSL-series routers to apply updates immediately. The agency has reiterated the seriousness of the vulnerability and advised users to review their router settings, update firmware through the Asus security advisory page, and remain alert to suspicious activity. Incidents like CVE-2025-59367 show how essential it is for organizations to have reliable insight into new vulnerabilities. Cyble supports this need through detailed vulnerability intelligence, helping teams identify high-risk issues, track exploit activity, and prioritize remediation across assets and products. Its intelligence goes beyond standard CVE and NVD listings, offering context on exploits, attack methods, and threat actor discussions.  Schedule a personalized demo with Cyble to assess how its intelligence platform can support your security operations.