CVE-2025-59369 | THREATINT

Description

A SQL injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary SQL queries, leading to unauthorized data access. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.

PUBLISHED Reserved 2025-09-15 | Published 2025-11-25 | Updated 2025-11-25 | Assigner ASUS

MEDIUM: 5.9CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-89: Improper Neutralization of Special Elements used in an SQLCommand ('SQL Injection')

Product status

Default status

unaffected

3.0.0.4_386

affected

3.0.0.4_388

affected

3.0.0.6_102

affected

References

www.asus.com/security-advisory/ vendor-advisory

cve.org (CVE-2025-59369)

nvd.nist.gov (CVE-2025-59369)

Download JSON