Do Son 
In a move to fortify home and office networks, ASUS has released a security update for several of its router models. The update targets a high-severity vulnerability that could allow attackers to hijack a user’s session and take control of the networking hardware.
The flaw, tracked as CVE-2025-15101, is a Cross-Site Request Forgery (CSRF) vulnerability located within the router’s Web management interface. With a CVSSv4 score of 8.5, the risk is significant for users who manage their devices through a browser.
This vulnerability essentially tricks an authenticated user’s browser into sending unauthorized requests to the router. If successful, an attacker can:
- Perform actions with the existing privileges of the logged-in user.
- Execute system commands through unintended mechanisms on the device.
- Modify sensitive network settings without the user’s direct knowledge.
ASUS is “strongly recommending” that all affected users transition to the latest firmware version—specifically the 3.0.0.6_102 series or later—to ensure “optimal protection”.
Users can secure their devices by following these steps:
- Visit the ASUS support page or the specific product page for your router model.
- Download the firmware version 3.0.0.6_102 or higher.
- Access your router’s web interface and navigate to the Administration or Firmware Upgrade section to apply the update.
For those managing critical infrastructure or sensitive home data, this patch is a non-negotiable step in maintaining a secure perimeter. ASUS has made the latest firmware available on their official support site at https://www.asus.com/support/.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
