Path Traversal Vulnerability in ASUS WebDAV Router
CVE-2025-12003

8.2HIGH

Key Information:

Vendor: Asus
Status: Router
Vendor: CVE Published:; 25 November 2025

What is CVE-2025-12003?

A path traversal vulnerability has been identified in the WebDAV implementation of ASUS routers, allowing unauthenticated remote attackers to manipulate file paths. This can lead to unauthorized access to critical system files, potentially compromising the integrity of the device. Users are encouraged to apply security updates provided by ASUS to mitigate this risk.

Affected Version(s)

Router 3.0.0.4_386

Router 3.0.0.4_388

Router 3.0.0.6_102

References

https://www.asus.com/security-advisory/

vendor-advisory

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 25, 2025
Vulnerability Reserved
Oct 21, 2025

Credit

MSTIC-MIRAGE

JSON

Asus

What is CVE-2025-12003?

Affected Version(s)

References

CVSS V4

Timeline

Credit