PT-2025-48017 · Aicloud · Icloud

Nanyu Zhong · Published 2025-11-24 · Updated 2025-12-09 · CVE-2025-59366

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

AiCloud versions prior to 3.0.0.4 386/388/0.6 102

Description

An authentication bypass issue exists in AiCloud due to an unintended side effect of the Samba functionality. This allows execution of specific functions without proper authorization. The issue is described as a critical flaw with a CVSS score of 9.2. The vulnerability can be triggered through path traversal and OS command injection. There is no information available regarding the number of potentially affected devices worldwide or any real-world incidents where this issue was exploited. The vulnerability is related to the Samba functionality, which may involve the use of specific API endpoints and the manipulation of parameters such as file path or user credentials. The vulnerability allows unauthorized access to router functions.

Recommendations

Update AiCloud to version 3.0.0.4 386/388/0.6 102 or later. As a temporary workaround, consider disabling remote services to minimize the risk of exploitation.

Fix

RCE

Path traversal

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-15550
CVE-2025-59366

Affected Products

Icloud