The Daily Patch
Back to News
vulnerability🌐InternationalThe Hacker News

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

Thursday, December 18, 2025

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

What

A critical vulnerability in ASUS Live Update was identified, linked to a supply chain attack that allowed unauthorized modifications to the software, potentially leading to exploitation on targeted devices.

Where

United States, affecting users of ASUS products globally

When

The vulnerability was reported on Wednesday, with the original supply chain attack identified in March 2019 and the software reaching end-of-support on December 4, 2025.

Key Factors

  • CVE-2025-59374 has a CVSS score of 9.3, indicating high severity.
  • The vulnerability stems from a supply chain compromise that introduced malicious code into the ASUS Live Update client.
  • Only devices that installed specific compromised versions of the software are at risk.

Takeaways

  • Organizations using ASUS Live Update should discontinue its use by January 7, 2026.
  • The incident highlights the risks associated with supply chain vulnerabilities in software distribution.
  • Users should ensure they are using the latest, secure versions of software to mitigate risks.
Read Full Article

Opens original article on The Hacker News

Similar News

Over 10K Fortinet Firewalls Exposed to Actively Exploited 2FA Bypass

Over 10K Fortinet Firewalls Exposed to Actively Exploited 2FA Bypass

Kimwolf Botnet Exploits Residential Proxies to Infiltrate Home Networks

Kimwolf Botnet Exploits Residential Proxies to Infiltrate Home Networks

RondoDox Botnet Exploits Critical React2Shell Flaw in Next.js Servers

RondoDox Botnet Exploits Critical React2Shell Flaw in Next.js Servers

IBM API Connect Critical Authentication Bypass Disclosed

IBM API Connect Critical Authentication Bypass Disclosed