CVE-2025-59366
CRITICALASUS Router - Authentication Bypass via Samba Functionality
Title source: llmDescription
An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more information.
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://www.asus.com/content/security-advisory/
Scores
CVSS v4
9.2
EPSS
0.0016
EPSS Percentile
36.1%
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-22
CWE-78
Status
published
Products (3)
ASUS/Router
3.0.0.4_386
ASUS/Router
3.0.0.4_388
ASUS/Router
3.0.0.6_102
Published
Nov 25, 2025
Tracked Since
Feb 18, 2026