A critical security flaw (CVE-2025-2492) has been discovered in ASUS routers running AiCloud, a feature that allows remote access to files and media via the cloud. The vulnerability lets an unauthenticated remote attacker execute functions on the device by sending a specially crafted request; no credentials are required.
Severity: Critical (CVSS 9.2)
Impact: Authentication Bypass → Remote Code Execution
First Published: April 18, 2025
Status: No known exploitation yet, but patching is urgent.
Affected firmware series include: 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102
Technical Details
- Vulnerability Type: Improper Authentication Control (CWE-288)
- Attack Vector: Network
- Access Complexity: Low
- Privileges Required: None
- User Interaction: None
- Potential Impact: Full compromise of affected device functionality, including remote code execution and use in botnets or DDoS swarms.
Recommended Actions
- Immediate Firmware Update: Download and install the latest firmware version for your model from ASUS Support.
- If Router is End-of-Life (EoL):
  - Disable AiCloud.
  - Disable remote services like WAN access, port forwarding, DDNS, VPN, DMZ, FTP, etc.
- Enforce Strong Passwords:
  - Use separate strong passwords (10+ characters with numbers, symbols) for the Wi-Fi network and router admin panel.
Although there are no signs of exploitation in the wild yet, this is the type of high-severity flaw that threat actors will rapidly move to weaponize, especially for botnet expansion or targeting small business networks with legacy gear.
We urge clients to verify whether any remote offices or third-party partners use ASUS routers with AiCloud and ensure patching or deactivation is enforced immediately.
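One way to run that verification over a device inventory, as an added example (not code from ASUS or from this advisory): it reduces each firmware string to the series listed above and maps the device to the recommended action. The inventory fields, site names, model names and build numbers are constructed, and the two firmware string formats it accepts are an assumption.

```python
import re

# Affected firmware series as listed in the advisory above.
AFFECTED_SERIES = {"3.0.0.4_382", "3.0.0.4_386", "3.0.0.4_388", "3.0.0.6_102"}

# Assumption: inventories report firmware as "3.0.0.4.388_24353" or
# "3.0.0.4_388_24353"; both reduce to the advisory's "<base>_<series>" form.
_FW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)[._](\d+)(?:[._-].*)?\s*$")

def firmware_series(version):
    """Return the series key (e.g. '3.0.0.4_388'), or None if unparseable."""
    m = _FW.match(version or "")
    return f"{m.group(1)}_{m.group(2)}" if m else None

def triage(device):
    """Map one inventory record to the advisory's recommended action."""
    series = firmware_series(device.get("firmware"))
    if series is None:
        return "UNKNOWN: firmware string not parseable, check manually"
    if series not in AFFECTED_SERIES:
        return "OK: not in a listed series"
    if device.get("eol"):
        return "MITIGATE: EoL, disable AiCloud and remote services"
    # The advisory gives no fixed build numbers, so a series match means
    # "compare against the latest build on ASUS Support", not "unpatched".
    if device.get("aicloud"):
        return "PATCH NOW: listed series with AiCloud enabled"
    return "PATCH: listed series, AiCloud off"

# Constructed sample inventory; models and build numbers are placeholders.
INVENTORY = [
    {"site": "hq", "model": "MODEL-A", "firmware": "3.0.0.4.388_11111", "aicloud": True, "eol": False},
    {"site": "branch-1", "model": "MODEL-B", "firmware": "3.0.0.4_382_22222", "aicloud": True, "eol": True},
    {"site": "branch-2", "model": "MODEL-C", "firmware": "3.0.0.6.102_33333", "aicloud": False, "eol": False},
    {"site": "partner", "model": "MODEL-D", "firmware": "3.0.0.4.380_44444", "aicloud": False, "eol": False},
    {"site": "lab", "model": "MODEL-E", "firmware": "n/a", "aicloud": False, "eol": False},
]

def report(inventory):
    """Return (site, action) pairs for every device in the inventory."""
    return [(d["site"], triage(d)) for d in inventory]

if __name__ == "__main__":
    for site, action in report(INVENTORY):
        print(f"{site:10} {action}")
```

A device that lands in `PATCH` or `PATCH NOW` may already be on a fixed build within the same series, so treat the output as a worklist to check against the latest firmware on ASUS Support.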