CVE-2025-59366
Received
Published: 25 Nov 2025, 08:15
Last modified: 25 Nov 2025, 08:15
Vulnerability Summary
Overall Risk: Medium Risk, 37/100
CVSS Score: 9.2 CRITICAL, CVSS v4.0 (54BF65A7-A193-42D2-B1BA-8E150D3C35E1)
EPSS Score: 0.1% INFO, 0% probability
CISA KEV: Not listed
Ransomware: No reports
Exploits: None found
Dark Web: Not detected
An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially allowing execution of specific functions without proper authorization.
Refer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more information.
Source Identifier: 54bf65a7-a193-42d2-b1ba-8e150d3c35e1
| CVSS | Source | Severity | Exploit. | Impact | Vector |
|---|---|---|---|---|---|
| v4.0 | 54bf65a7-a193-42d2-b1ba-8e150d3c35e1 | 9.2 CRITICAL | NA | NA | CVSS:4.0/AV:N/AC:L/AT:P/P... |
| v3.1 | n/a | | | | |
| v3.0 | n/a | | | | |
| v2.0 | n/a | | | | |
EPSS Current Score: 0.10%
EPSS Percentile Rank: 27%ile
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22
Description: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Not listed in CISA Known Exploited Vulnerabilities catalog.
No dark web activity detected for this vulnerability.
No known public exploit code indexed (as of 25 Nov 2025, 08:15).
Exploitation status can change quickly once PoC code appears.
No affected systems information available.
| URL | Tags | Source |
|---|---|---|
| https://www.asus.com/content/security-advisory/ | - | 54bf65a7-a193-42d2-b1ba-8e150d3c35e1 |