Asus has released new firmware updates for its consumer routers that address nine security vulnerabilities, including a critical AiCloud authentication bypass tracked as CVE-2025-59366. The flaw allows remote attackers to perform actions on the router without logging in as an administrator, putting both stored files and network configuration at direct risk.
AiCloud: Remote Access Feature Turned Attack Vector
AiCloud is Asus’s built-in remote access platform that turns a home router into a personal cloud server. Users can browse files on USB drives attached to the router, stream media, synchronize data with public cloud services, and share content via links accessible from the internet.
Such convenience features inevitably expand the router’s attack surface. The case of CVE-2025-59366 illustrates a broader trend in IoT security: the more internet‑exposed functionality a consumer device offers, the stronger its security controls must be. When protections lag behind capabilities, cloud-style services on home routers become attractive targets for automated scans and mass exploitation.
Inside CVE-2025-59366: Samba Misuse, Path Traversal, and Command Injection
According to Asus, the CVE-2025-59366 vulnerability stems from an “unintended side effect” in the router’s use of Samba, the component responsible for file sharing over network protocols such as SMB. Due to flawed input handling, certain AiCloud operations can be executed without proper permission checks.
How Attackers Can Chain Path Traversal and Command Injection
The issue can be exploited by an unauthenticated attacker on the internet who combines two well-known attack techniques: path traversal and command injection.
Path traversal abuses file paths (for example, using sequences like “../”) to escape the intended directories and reach sensitive locations on the device. This can expose configuration files, access tokens, or data that should never be available via the web interface.
Command injection allows an attacker to smuggle arbitrary system commands into parameters that the device later executes. If the vulnerable component passes user-controlled input to the operating system without adequate sanitization, the router may run the attacker’s commands with high privileges.
In the context of CVE-2025-59366, this means a remote attacker may be able to browse or modify files, change settings, or plant malware on the router without any user interaction. No malicious link needs to be clicked; exploitation only requires that the router is reachable from the internet and AiCloud is enabled. This pattern mirrors previous IoT botnet campaigns, such as Mirai, which relied on large-scale scanning and automated exploitation of exposed routers and smart devices.
Which Asus Firmware Versions Are Considered Secure
Asus reports that nine vulnerabilities have been fixed in total, including CVE-2025-59365, CVE-2025-59366, CVE-2025-59368, CVE-2025-59369, CVE-2025-59370, CVE-2025-59371, CVE-2025-59372 and CVE-2025-12003. Technical details for most of these flaws have not yet been fully disclosed, but they collectively affect remote access and other router services.
The vendor has not published a specific list of affected router models. Instead, Asus highlights firmware branches where all nine vulnerabilities are remediated: 3.0.0.4_386, 3.0.0.4_388 and 3.0.0.6_102. Owners of Asus routers should check the firmware version in the web interface and apply available updates immediately via the interface or the official support site.
Legacy Asus Routers: When No Security Patch Is Coming
For older, end-of-life routers that will not receive firmware updates, Asus recommends hardening by disabling all services that expose the device to the internet. This includes WAN-side remote administration, port forwarding, DDNS, VPN servers, DMZ, port triggering and FTP.
In particular, users are urged to turn off any AiCloud functionality accessible from the internet on devices potentially vulnerable to CVE-2025-59366. Unsupported routers that remain online with open remote services often become easy prey for botnets and mass exploitation tools.
WrtHug and CVE-2025-2492: A Recent Warning Sign
The risk is not theoretical. Earlier in 2025, Asus fixed another critical AiCloud authentication bypass, CVE-2025-2492, triggered by specially crafted remote access requests.
Subsequent analysis revealed that CVE-2025-2492, together with six additional vulnerabilities, had been weaponized in a major malware operation known as WrtHug. Attackers compromised thousands of Asus routers, with a concentration of victims among outdated, unsupported devices in Taiwan, Southeast Asia, Russia, Central Europe and the United States. The incident highlights a recurring pattern: vendors release patches, but many users never update their firmware, leaving devices exposed to automated scanning and exploitation.
Security Recommendations for Asus Routers and Home Networks
To reduce the likelihood of compromise of an Asus router and the surrounding home or small-office network, it is advisable to follow several fundamental security practices:
1. Keep router firmware up to date. Check regularly for new releases, especially if the device is a few years old. Do not rely solely on automatic checks in the web interface; periodically verify the latest version on the official Asus website.
2. Disable unused remote access services. Any open port to the internet can be an entry point. If features such as AiCloud, WAN-side administration, VPN, FTP or media sharing are not strictly necessary, turn them off or restrict them to VPN-only access.
3. Use strong, unique passwords. Administrative interfaces and cloud accounts should be protected with long, unique passwords or passphrases. Many large-scale attacks still begin with attempts to guess default or weak credentials.
4. Treat unsupported routers as inherently high-risk. When a device stops receiving security updates, its exposure increases over time. Replacing legacy routers with models that receive regular firmware and security support is often the most effective long-term defense.
Repeated incidents around AiCloud underscore a broader lesson: home routers are no longer simple “set and forget” appliances but critical security gateways. Promptly installing Asus firmware updates, limiting unnecessary internet exposure and planning timely hardware replacement significantly reduce the chances that a household router will become another node in the growing ecosystem of compromised IoT infrastructure.
