
ASUS has released a firmware update addressing a critical-severity vulnerability—CVE-2025-2492—with a CVSSv4 score of 9.2. The flaw impacts several ASUS router firmware series with AiCloud enabled and could allow attackers to remotely execute unauthorized functions.
AiCloud is a feature in many ASUS routers that enables cloud-based remote access, essentially turning them into personal cloud servers.
Disclosed in February 2025, CVE-2025-2492 is classified as an improper authentication control vulnerability. According to the advisory, the issue exists in select firmware versions of ASUS routers and can be “triggered by a crafted request, potentially leading to unauthorized execution of functions.”
This means a remote attacker could exploit the flaw to bypass authentication and access sensitive router functions, compromising the network and connected devices.
The following firmware series are affected:
- 3.0.0.4_382
- 3.0.0.4_386
- 3.0.0.4_388
- 3.0.0.6_102
ASUS has addressed the vulnerability in firmware updates released after February 2025. Users can obtain the latest firmware from the ASUS Support Page or the specific Networking product page.
ASUS urges all users to immediately update their router firmware. In the advisory, they emphasize: “We advise you to check your equipment and security procedures regularly, as this will make you safer.”
Additionally, users should take the following steps:
- Update Firmware: Always use the latest firmware available from the official ASUS website.
- Strengthen Passwords: Use separate, complex passwords for your wireless network and router admin page. ASUS advises: “Passwords that have at least 10 characters, with a mix of capital letters, numbers and symbols. Do not use passwords with consecutive numbers or letters.”
- Disable Risky Services: If you’re unable to update quickly or are using an end-of-life router, ASUS recommends disabling:
  - AiCloud
  - Remote access from WAN
  - Port forwarding, DDNS, VPN server, DMZ, FTP, and port triggering
“If you are unable to update the firmware quickly… it is recommended to disable any services that can be accessed from the internet,” ASUS warns.
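The checks above can be applied to a router inventory with a short triage script. This is an added example, not ASUS code: the inventory record layout, the service key names, the accepted version-string formats, and the rule that any build released after February 2025 carries the fix are assumptions, and the sample inventory is constructed.

```python
from datetime import date

# Firmware series the article lists as affected by CVE-2025-2492.
AFFECTED_SERIES = ("3.0.0.4_382", "3.0.0.4_386", "3.0.0.4_388", "3.0.0.6_102")
# Assumption: any build released after February 2025 carries the fix.
FIX_CUTOFF = date(2025, 3, 1)
# Services ASUS recommends disabling; the key names are hypothetical.
EXPOSED_SERVICES = ("aicloud", "wan_access", "port_forwarding", "ddns",
                    "vpn_server", "dmz", "ftp", "port_triggering")

def series_of(version):
    """Return the affected series a version string falls in, else None.
    Assumed inventory formats: '3.0.0.4.388_10000' or '3.0.0.4_388'."""
    parts = version.replace("_", ".").split(".")
    if len(parts) < 5:
        return None
    series = ".".join(parts[:4]) + "_" + parts[4]
    return series if series in AFFECTED_SERIES else None

def triage(dev):
    """Decide what the advisory asks for on one inventory record."""
    if series_of(dev["firmware"]) is None or dev["released"] >= FIX_CUTOFF:
        return {"action": "none", "aicloud_exposed": False, "interim_disable": []}
    exposed = [s for s in EXPOSED_SERVICES if s in dev["services"]]
    return {
        # Assumes end-of-life units have no fixed build to move to.
        "action": "disable-services" if dev["eol"] else "update",
        "aicloud_exposed": "aicloud" in dev["services"],
        # Internet-reachable services to switch off until the update lands.
        "interim_disable": exposed,
    }

# Constructed inventory: names, build numbers and dates are made up.
INVENTORY = [
    {"name": "branch-gw-1", "firmware": "3.0.0.4.388_10000", "eol": False,
     "released": date(2024, 11, 5), "services": {"aicloud", "ddns"}},
    {"name": "branch-gw-2", "firmware": "3.0.0.4.386_10001", "eol": False,
     "released": date(2025, 4, 10), "services": {"aicloud"}},
    {"name": "lab-old-1", "firmware": "3.0.0.4.382_10002", "eol": True,
     "released": date(2021, 6, 1), "services": {"ftp", "wan_access"}},
    {"name": "lab-other", "firmware": "3.0.0.4.380_10003", "eol": False,
     "released": date(2020, 1, 15), "services": {"aicloud"}},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev["name"], triage(dev))
```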