CVE-2025-59374

Name of the Vulnerable Software and Affected Versions ASUS Live Update versions prior to 3.6.8 ASUS Live Update versions 3.6.8 through 3.6.15 ASUS Live Update versions prior to October 2021

Description Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. These modified builds could cause devices meeting specific targeting conditions to perform unintended actions. The issue is linked to the 2018-2019 “Operation ShadowHammer” campaign, where attackers compromised ASUS Live Update servers to deliver malicious code to a limited number of targeted systems. The Live Update client reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected. The vulnerability has been assigned CVE-2025-59374 and added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, though this is considered a retrospective classification of a past incident rather than an indication of current active exploitation. Over one million users were potentially affected, with approximately 600 devices specifically targeted. The compromised software could allow for the execution of arbitrary commands, data exfiltration, or disruption of device functionality.

Recommendations For versions prior to 3.6.8, discontinue use of ASUS Live Update immediately. For versions 3.6.8 through 3.6.15, discontinue use of ASUS Live Update immediately. For versions prior to October 2021, discontinue use of ASUS Live Update immediately.