ASUS Warns of Critical Auth Bypass Flaw

ASUS is warning customers about a critical authentication control vulnerability in some of its routers that can allow an attacker to bypass authentication and take unauthorized actions on the vulnerable device. 

CVE: CVE-2025-2492

Why it Matters: The vulnerability is in the AiCloud feature in some ASUS routers, which is designed to enable users to share and manage their files across devices. The feature is in many of the company’s routers, but the devices that are affected are running one of these firmware versions: 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102 series. “Successfully exploiting this vulnerability would allow an attacker to alter the configuration of the router and potentially execute arbitrary code,” Rob King of runZero said in an analysis of the bug. 

Key Details

• The flaw affects the 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102 series firmware in ASUS devices

• ASUS disclosed the bug on April 18 and has released updated firmware to address the vulnerability

• “Successful exploitation of these vulnerabilities would allow an attacker to take control of the vulnerable devices. As these devices are generally located at the network edge, they are often exposed to the public internet,” King said.

• There are no reports of active exploitation of this vulnerability as of yet

Customers who own a device running a vulnerable version of the firmware should upgrade as soon as possible to prevent exploitation.