PT-2025-17288 · ASUS · ASUS AiCloud
JPCERT/CC
Published: 2025-04-18 · Updated: 2026-01-08 · CVE-2025-2492
CVSS v2.0: 9.7 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:P
Name of the Vulnerable Software and Affected Versions
ASUS AiCloud (affected versions not specified)
Description
A critical authentication control issue exists in ASUS AiCloud. A crafted request triggers the vulnerability, potentially allowing remote attackers to bypass authentication and execute unauthorized functions on affected devices. The issue has a CVSS score of 9.2, indicating a high level of severity, and is reported to be actively exploited. The exact number of potentially affected devices is not specified, but the vulnerability poses a significant risk to users of ASUS routers with AiCloud enabled.
Recommendations
Update your ASUS router to the latest firmware version.
If updating is not possible, disable AiCloud and any other services accessible from the internet, such as remote access from WAN, port forwarding, and VPN servers.
Use strong, unique passwords for your network and devices.
Fix
RCE
Authentication Bypass Using an Alternate Path or Channel
Affected Products
ASUS AiCloud