CVE-2025-59370 | THREATINT

Description

A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.

PUBLISHED Reserved 2025-09-15 | Published 2025-11-25 | Updated 2025-11-25 | Assigner ASUS

HIGH: 7.5CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

unaffected

3.0.0.4_386

affected

3.0.0.4_388

affected

3.0.0.6_102

affected

References

www.asus.com/security-advisory/ vendor-advisory

cve.org (CVE-2025-59370)

nvd.nist.gov (CVE-2025-59370)

Download JSON