
Asus has patched a highly severe privilege escalation vulnerability in the MyASUS software, which is present on all of the company's computers, potentially affecting millions of users worldwide.
The MyASUS app comes preinstalled on Asus computers, providing users with quick access to system updates, performance optimization, and other support tools.
It has been discovered that low-privileged attackers can exploit a flaw in this app to escalate their privileges on the system, affecting both ARM and x64 systems.
A local privilege escalation vulnerability was found in the restore mechanism of the Asus System Control Interface.
“It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM,” the description explains.
The bug was labeled CVE-2025-59373 and carries a severity rating of 8.5 out of 10.
Asus has patched the MyASUS app and urges users to apply the update through Windows Update or by downloading the updated package directly from the Asus Support site.
“This update applies to all personal computers, including desktop, laptop, NUC, and All-in-One PC,” Asus said.
The bug affects all ASUS System Control Interface versions prior to 3.1.48.0 (x64) and 4.2.48.0 (ARM). You can check the version by opening MyASUS, going to Settings, and selecting “About.”
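For anyone checking more than one machine, the version thresholds above can be applied to an exported inventory. The following is an added example, not code from Asus or from the original article; the CSV layout, column names, and host names are constructed assumptions.

```python
# Added example: triage an exported inventory against the fixed versions quoted above.
import csv
import io

# First fixed ASUS System Control Interface version per architecture (from the article).
FIXED = {"x64": (3, 1, 48, 0), "arm": (4, 2, 48, 0)}

# Constructed sample inventory; the column names are assumptions, not an ASUS format.
SAMPLE_CSV = """host,arch,asci_version
lab-nb-01,x64,3.1.47.0
lab-nb-02,x64,3.1.48.0
lab-nb-03,ARM,4.2.9.0
lab-nb-04,ARM,4.2.48.0
lab-nb-05,x64,
lab-nb-06,x86,3.1.50.0
"""


def parse_version(text):
    """Return the dotted version as a 4-tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad "3.1.48" to (3, 1, 48, 0)


def classify(arch, version_text):
    """Return 'vulnerable', 'patched', or 'unknown' for one inventory row."""
    fixed = FIXED.get(arch.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report a row we cannot evaluate as patched
    # Compare numerically: as strings, "4.2.9.0" would sort after "4.2.48.0".
    return "vulnerable" if version < fixed else "patched"


def triage(csv_text):
    """Map each host in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["arch"], r["asci_version"]) for r in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_CSV).items():
        print(f"{host}: {status}")
```

Rows with a missing version or an architecture the article does not list come back as "unknown" so they get a manual check instead of being counted as patched.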
Additionally, Asus has released security updates for the Asus router firmware and is urging users to update their routers immediately. The patch addresses multiple vulnerabilities, the most critical of which is an authentication-bypass vulnerability in AiCloud, allowing attackers to execute specific functions without proper authorization.
“This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more information.”
The vendor also warns users of end-of-life models that they won’t be covered by the new firmware. Asus recommends disabling any internet-accessible services on old routers, including AiCloud, remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.