ASUS AiCloud routers critical authentication bypass (CVE-2025-59366)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2025-59366 is a critical authentication bypass in ASUS AiCloud-enabled routers that can let remote, unauthenticated attackers execute functions without proper authorization. ASUS linked the flaw to an unintended side effect in Samba and said it can be chained with path traversal and OS command injection. The company released new firmware and told users to update immediately or disable Internet-exposed services on unsupported devices.
Related Happenings
N8n sandbox escape flaws (multiple vulnerabilities)
Vulnerability
First: 04.02.2026 15:00
Last: 04.02.2026 15:00
Sources 1
About this happening:
Two **maximum-severity sandbox-escape flaws** in **n8n** expose **self-hosted and cloud instances** to **complete server takeover** and **credential theft**. An **authenticated us...
N8n sandbox escape flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: Two **maximum-severity sandbox-escape flaws** in **n8n** expose **self-hosted and cloud instances** to **complete server takeover** and **credential theft**. An **authenticated us...
Unattributed operators campaign expands across multiple victims
Campaign
First: 19.11.2025 16:35
Last: 19.11.2025 16:35
Sources 1
About this happening:
The **Operation WrtHug** campaign is hijacking **ASUS WRT routers** worldwide by exploiting **six vulnerabilities** and abusing **AiCloud**, creating a large pool of compromised d...
Unattributed operators campaign expands across multiple victims
CampaignAbout this happening: The **Operation WrtHug** campaign is hijacking **ASUS WRT routers** worldwide by exploiting **six vulnerabilities** and abusing **AiCloud**, creating a large pool of compromised d...
ASUS WRT routers legacy AiCloud/OS injection flaws (multiple vulnerabilities)
Vulnerability
First: 19.11.2025 12:20
Last: 19.11.2025 12:20
Sources 1
About this happening:
**ASUS WRT routers** and **ASUS AiCloud** are facing **active exploitation** of **six legacy vulnerabilities**, creating **elevated-privilege** and **persistence** risk for **end-...
ASUS WRT routers legacy AiCloud/OS injection flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: **ASUS WRT routers** and **ASUS AiCloud** are facing **active exploitation** of **six legacy vulnerabilities**, creating **elevated-privilege** and **persistence** risk for **end-...
Cisco ASA and FTD active exploitation wave (CVE-2025-20333, CVE-2025-20362)
Exploitation Wave
First: 30.09.2025 19:58
Last: 30.09.2025 19:58
Sources 1
About this happening:
**Cisco ASA and FTD** appliances are still under an **active exploitation wave** for **CVE-2025-20333** and **CVE-2025-20362**, with a new attack variant now causing **unexpected...
Cisco ASA and FTD active exploitation wave (CVE-2025-20333, CVE-2025-20362)
Exploitation WaveAbout this happening: **Cisco ASA and FTD** appliances are still under an **active exploitation wave** for **CVE-2025-20333** and **CVE-2025-20362**, with a new attack variant now causing **unexpected...
Timeline
-
26.11.2025 13:41 2 articles · 6mo ago
ASUS releases firmware for AiCloud authentication bypass
Mitigation Patch UpdateASUS released new firmware to patch CVE-2025-59366, a critical authentication bypass in AiCloud-enabled routers that can be triggered by an unintended side effect of Samba and chained with path traversal and OS command injection to allow execution of specific functions without proper authorization. ASUS told users to update router firmware immediately and advised owners of end-of-life models to reduce exposure by disabling Internet-accessible services such as remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.
Show sources
- ASUS warns of new critical auth bypass flaw in AiCloud routers — www.bleepingcomputer.com — 26.11.2025 13:41
- ASUS warns of new critical auth bypass flaw in AiCloud routers — www.bleepingcomputer.com — 26.11.2025 13:41