A critical security vulnerability has been discovered in ASUS routers featuring the AiCloud service, exposing millions of devices to the risk of remote code execution by unauthenticated attackers.
The flaw, tracked as CVE-2025-2492, has received a CVSS v4 score of 9.2, placing it among the most severe vulnerabilities affecting consumer networking equipment this year.
ASUS Router AiCloud vulnerability
The vulnerability stems from improper authentication control within certain ASUS router firmware series.
Attackers can exploit this flaw by sending a specially crafted HTTP request to the router’s public interface, thereby bypassing authentication mechanisms and gaining unauthorized access to critical device functions.
This means that a remote attacker, without any valid credentials, could potentially execute arbitrary commands or malicious code on the affected router.
AiCloud is a proprietary cloud-based feature that allows users to access files, stream media, and manage network-connected devices remotely.
While convenient, its exposure to the internet makes it a prime target for attackers seeking to compromise home and small business networks.
The exploit leverages a flaw in the authentication logic of the AiCloud service. By crafting a malicious request, attackers can trigger the vulnerability and perform unauthorized actions on the device. This could include:
- Installing malware or spyware.
- Hijacking network traffic.
- Recruiting the router into botnets for DDoS attacks.
- Exfiltrating sensitive data stored on connected USB drives.
No user interaction is required for the exploit to succeed, and the attack can be conducted remotely over the internet, making unpatched devices particularly vulnerable.
| Risk Factors | Details |
| Affected Products | ASUS routers with firmware:- 3.0.0.4_382 series- 3.0.0.4_386 series- 3.0.0.4_388 series- 3.0.0.6_102 series |
| Impact | Arbitrary commands or malicious code, potentially compromising confidentiality, integrity, and availability of the device and connected network. |
| Exploit Prerequisites | – Router runs affected firmware version- AiCloud or internet-accessible services enabled- No authentication required |
| CVSS 3.1 Score | 9.2 (Critical) |
Affected Versions
The affected firmware branches include:
- 3.0.0.4_382.
- 3.0.0.4_386.
- 3.0.0.4_388.
- 3.0.0.6_102.
These firmware versions are widely deployed across various ASUS router models, particularly those with AiCloud enabled.
Patched Firmware Versions
ASUS has responded swiftly by releasing patched firmware versions for all affected branches.
Users are strongly urged to update their router firmware immediately via the official ASUS support portal or product page. For devices that cannot be updated such as those that have reached end-of-life (EoL) ASUS recommends the following steps:
- Disable AiCloud entirely.
- Turn off all internet-accessible services, including remote WAN management, port forwarding, Dynamic DNS (DDNS), VPN servers, DMZ, port triggering, and FTP.
- Use strong, unique passwords for both Wi-Fi and router administration pages (at least 10 characters, including uppercase, numbers, and symbols).
As of publication, there are no public reports of active exploitation or a proof-of-concept exploit available for CVE-2025-2492.
However, given the critical nature of the flaw and the high value of compromised routers to cybercriminals, experts warn that attacks could emerge soon if devices remain unpatched.
ASUS users are advised to act immediately by updating firmware, hardening passwords, and disabling unnecessary services to mitigate the risk of remote compromise.
Malware Trends Report Based on 15000 SOC Teams Incidents, Q1 2025 out!-> Get Your Free Copy
%20Tools.webp?w=100&resize=100,70&ssl=1 "Top 10 Best Privileged Access Management (PAM) Tools in 2025")