Critical security flaw affects Asus AiCloud routers, urgent update required


Hackers can send a crafted request to an Asus router and execute functions without authorization. Because of this critical vulnerability, which carries a score of 9.2 out of 10, the company is urging users to update the firmware of Asus routers running AiCloud.

Asus AiCloud is a cloud storage and remote access service developed by ASUS for their modern routers. The company’s routers are very popular in the US, especially among gamers, tech enthusiasts, and other home users.

“An improper authentication control vulnerability exists in certain ASUS router firmware series. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions,” Asus warns in a security advisory.

A new firmware update has been released for the 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102 firmware series.

The flaw, tracked as CVE-2025-2492, affects the vendor's latest networking devices. It’s unclear if threat actors are already exploiting the vulnerability.

“Update your router with the newest firmware,” Asus added.

The newest firmware can be found on the Asus support or relevant product pages.

For users who are unable to update the firmware quickly or whose devices have already reached end-of-life, Asus recommends disabling AiCloud and any other services that can be accessed from the internet, such as remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.

Asus also recommends using different passwords for the wireless network and router administration page.

“Use passwords that are at least 10 characters long and contain a mix of capital letters, numbers, and symbols. Do not use the same password for more than one device or service. Do not use passwords with consecutive numbers or letters, such as 1234567890, abcdefghij, or qwertyuiop,” Asus's advisory reads.
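The password rules in the two paragraphs above can be checked mechanically before a credential is set on the router. The following is an added example, not code from Asus or from the original article; the function names, the keyboard rows tested, and the threshold of four consecutive characters are assumptions, since the advisory gives examples but no exact limit.

```python
import string

# Rules quoted from Asus's advisory: at least 10 characters, a mix of capital
# letters, numbers and symbols, no runs such as 1234567890 or qwertyuiop.
MIN_LENGTH = 10
# Assumption: a run of 4+ consecutive characters is a violation.
MAX_RUN = 3
# Sequences tested: digits (wrapping 9->0), alphabet, US-QWERTY rows (assumed).
SEQUENCES = ["01234567890", string.ascii_lowercase,
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def longest_run(password: str) -> int:
    """Longest stretch that walks forward or backward along one sequence."""
    text = password.lower()
    best = 1 if text else 0
    for seq in SEQUENCES:
        for direction in (seq, seq[::-1]):
            run = 1
            for prev, cur in zip(text, text[1:]):
                # An adjacent pair in this sequence extends the current run.
                run = run + 1 if prev + cur in direction else 1
                best = max(best, run)
    return best


def check_password(password: str) -> list[str]:
    """Return the advisory rules this password breaks (empty = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):  # ASCII symbols
        problems.append("no symbol")
    if longest_run(password) > MAX_RUN:
        problems.append("contains consecutive numbers or letters")
    return problems


def check_pair(wifi: str, admin: str) -> dict[str, list[str]]:
    """Check both router credentials, including that they differ."""
    report = {"wifi": check_password(wifi), "admin": check_password(admin)}
    if wifi == admin:
        report["admin"].append("same as wireless password")
    return report
```

`check_pair` returns one list of findings per credential, so an empty list for both `wifi` and `admin` means the pair meets every rule the advisory states.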
