Home

Description

An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more information.

PUBLISHED Reserved 2025-09-15 | Published 2025-11-25 | Updated 2025-11-26 | Assigner ASUS




CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-22: Path Traversal

CWE-78: OS Command Injection

Product status

Default status
unaffected

3.0.0.4_386
affected

3.0.0.4_388
affected

3.0.0.6_102
affected

Credits

Nanyu Zhong of VARAS@IIE reporter

References

www.asus.com/content/security-advisory/ vendor-advisory

cve.org (CVE-2025-59366)

nvd.nist.gov (CVE-2025-59366)

Download JSON