Critical Vulnerability in ASUS AiCloud Routers
28 November 2025
ASUS has released security updates to address a critical vulnerability in their AiCloud routers.
Background
ASUS has released security updates to address a critical vulnerability (CVE-2025-59366) affecting AiCloud, a cloud-based remote-access feature in their routers. This vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.2 out of 10.
Impact
Successful exploitation of the authentication bypass vulnerability could allow an unauthenticated attacker to perform remote code execution.
Affected Products
The vulnerability affects the following product versions:
3.0.0.4_386 series
3.0.0.4_388 series
3.0.0.6_102 series
Mitigation
Users and administrators of affected products are advised to update firmware to the latest version immediately.
Users and administrators using End of Life (EOL) products are advised to upgrade their routers to a supported version to address the vulnerability. As a precaution, it is recommended to disable any services that are accessible from the internet, including:
AiCloud
Remote access from Wide Area Network (WAN)
Port forwarding
Dynamic Domain Name System (DDNS)
Virtual Private Network (VPN) server
Demilitarised Zone (DMZ)
Port triggering
File Transfer Protocol (FTP)