CyberInsider

Reliable cybersecurity news and resources

General

Latest News

About

CyberInsider covers the latest news in the cybersecurity and data privacy world. In addition to news, we also publish in-depth guides and resources.
See our Mission >

Critical Authentication Flaw in ASUS AiCloud Exposes Routers to Remote Attacks

By Leave a Comment

A critical vulnerability tracked as CVE-2025-2492 has been disclosed in ASUS routers running AiCloud, potentially allowing remote attackers to execute unauthorized functions without authentication.

The flaw, rated 9.2 (Critical) under the CVSS 4.0 system, affects multiple firmware versions and underscores the continued risk posed by exposed cloud-enabled features in consumer networking devices.

The vulnerability was discovered internally by ASUS, and made public via their security advisory. According to the bulletin, CVE-2025-2492 is caused by improper authentication control in AiCloud, a feature that enables users to remotely access storage and network-connected devices through ASUS routers. By sending specially crafted requests, unauthenticated attackers may trigger function execution with elevated privileges, effectively bypassing standard access controls.

ASUS identified and addressed the issue in firmware versions released after February 2025, covering the following firmware branches:

  • 3.0.0.4_382
  • 3.0.0.4_386
  • 3.0.0.4_388
  • 3.0.0.6_102

AiCloud is a proprietary cloud service integrated into many ASUS routers, offering users remote access to their home networks through web or mobile interfaces. While convenient, such features often become attractive targets for threat actors due to their exposure to the internet and the sensitive data they can access. ASUS has not disclosed whether the vulnerability has been actively exploited in the wild, but the critical CVSS rating implies that exploitation could have a significant impact.

ASUS urges users to update their router firmware immediately via the official ASUS support page. For devices that cannot be updated — either due to compatibility issues or end-of-life status — the company recommends disabling AiCloud, along with remote access services such as WAN management, DDNS, VPN servers, DMZ, port forwarding, and FTP. Users should also ensure that router administration and Wi-Fi passwords are strong and distinct, avoiding common sequences and re-used credentials.

For those unsure of their firmware version or how to update, ASUS provides a comprehensive firmware update guide to assist with securing affected devices.

More from CyberInsider

About Amar Ćemanović

Amar Ćemanović is an experienced editor and trained engineer with a keen eye for detail and a passion for technology. 
Based in Bosnia, Amar specializes in producing high-quality, engaging content. He holds a Master’s degree in engineering, which helps him maintain a meticulous approach to all editorial work. Amar brings a well-rounded knowledge base, covering everything from tech solutions to privacy tools.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *