ASUS Live Update embedded malicious code flaw (CVE-2025-59374)

Vulnerability
H score 47
2 unique sources, 2 articles

Summary

CISA added CVE-2025-59374 in ASUS Live Update to the KEV catalog after evidence of active exploitation, elevating risk for devices that installed compromised client builds. The flaw stems from a supply chain compromise that introduced unauthorized modifications into certain versions of the updater. Only systems that met the targeting conditions and received the compromised builds were affected, but those devices could be forced into unintended actions.

Related Happenings

CISA KEV listing for ASUS Live Update and FCEB cutoff

Public Sector Action
First: 18.12.2025 07:01 Last: 18.12.2025 07:01 Sources 1

How related: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

About this happening: **CISA** added **ASUS Live Update** to its **KEV catalog** after evidence of **active exploitation**, making **CVE-2025-59374** a federal remediation priority. The agency told **F...

Latest development: 18.12.2025 15:27

CISA added CVE-2025-59374 to its Known Exploited Vulnerabilities (KEV) catalog and warned federal agencies to stop using ASUS Live Update, a now-discontinued utility linked to a supply-chain backdoor.

Cisco Secure Firewall ASA/FTD mitigation for CVE-2025-20333 and CVE-2025-20362

Advisory/Mitigation
First: 06.11.2025 16:58 Last: 06.11.2025 16:58 Sources 1

About this happening: **Cisco** urged customers to **apply updates** for **Cisco Secure Firewall ASA** and **FTD** devices susceptible to **CVE-2025-20333** and **CVE-2025-20362**, after a new attack v...

Timeline

  1. 18.12.2025 07:01 3 articles · 5mo ago

    CISA adds CVE-2025-59374 to the KEV catalog

    Initial Disclosure

    CISA added CVE-2025-59374 affecting ASUS Live Update to the Known Exploited Vulnerabilities catalog after evidence of active exploitation. The flaw is a CVSS 9.3 embedded malicious code vulnerability introduced through a supply chain compromise that distributed unauthorized modifications in certain client builds and could cause affected devices to perform unintended actions.

  2. 18.12.2025 07:01 1 article · 5mo ago

    CISA urges FCEB agencies to stop using ASUS Live Update

    Legal Policy Action Update

    CISA urged Federal Civilian Executive Branch agencies still relying on ASUS Live Update to discontinue its use by January 7, 2026. The guidance reflects the risk from the end-of-support updater and the actively exploited CVE-2025-59374 flaw.

  3. 04.12.2025 02:00 1 article · 5mo ago

    ASUS Live Update reaches end-of-support

    Mitigation Patch Update

    ASUS formally announced that the ASUS Live Update client reached end-of-support as of December 4, 2025, and identified version 3.6.15 as the last release. The vendor also continued to direct users to update ASUS Live Update to V3.6.8 or higher to resolve security concerns.