ASUS has disclosed a critical vulnerability affecting several router models running its AiCloud feature, Security Affairs reports. Tracked as CVE-2025-2492, the flaw allows remote attackers to bypass authentication mechanisms and execute functions without authorization. The vulnerability stems from improper authentication controls in specific firmware versions, making devices susceptible to crafted requests sent over the internet.
The issue impacts multiple firmware series, including 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102. ASUS has already issued patches for affected models, and users are urged to update their firmware promptly through the official support page. Regular maintenance of router settings and monitoring for security advisories is essential for staying ahead of potential risks.
In cases where immediate firmware updates are not feasible—especially for end-of-life models—ASUS recommends taking precautionary steps. These include disabling AiCloud and turning off any externally exposed services such as WAN-based remote access, DDNS, VPN servers, and FTP. Strengthening login credentials is also advised to reduce the likelihood of compromise.
Although there is currently no confirmation of active exploitation, the high CVSS score of 9.2 reflects the potential severity of the vulnerability. Users are encouraged to act quickly to protect their devices and networks, especially if they rely on cloud connectivity features that could expose them to external threats.
