ASUS Warns of Critical Authentication Bypass Flaw in Routers Running AiCloud
ASUS has issued a security advisory for a critical authentication bypass vulnerability affecting routers with the AiCloud feature enabled. Identified as CVE-2025-2492 and carrying a CVSS v4 score of 9.2, the flaw allows remote attackers to execute unauthorized functions on vulnerable devices without needing to authenticate.
According to ASUS, the issue stems from improper authentication controls in certain router firmware versions. It can be exploited via a specially crafted request, granting threat actors the ability to take unauthorized actions on affected routers.
AiCloud is ASUS's cloud-based remote access service that enables users to access and share files stored on USB drives connected to their routers. It also supports media streaming, file syncing across home networks and cloud services, and link-based file sharing.
A wide range of ASUS router models are impacted, including those using firmware from the 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102 series. ASUS has released firmware patches for these versions and urges users to update their devices through the support portal or product finder page. Step-by-step update instructions are also provided on the site.
In addition to applying updates, ASUS recommends users secure their router admin and Wi-Fi network with strong, unique passwords—at least 10 characters long and containing a mix of letters, numbers, and symbols.
Users with end-of-life devices that no longer receive updates are strongly advised to disable AiCloud and shut off internet-facing features such as WAN access, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.
Although there are currently no known cases of active exploitation or public proof-of-concept code for this vulnerability, ASUS emphasizes the urgency of patching, as such flaws are often leveraged to install malware or integrate devices into botnets for DDoS attacks.
For now, timely updates and robust security practices remain the best defense.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
