Improper Authentication Control in AiCloud by ASUS
CVE-2025-2492

9.2CRITICAL

Key Information:

Vendor

Asus
Status
Router
Vendor
CVE Published:
18 April 2025

Badges

📈 Trended📈 Score: 1,940💰 Ransomware👾 Exploit Exists📰 News Worthy

What is CVE-2025-2492?

CVE-2025-2492 is a vulnerability affecting AiCloud by ASUS, a cloud service platform designed for users to access and manage their files remotely through ASUS routers. This vulnerability arises from improper authentication controls, allowing an attacker to craft specific requests that could lead to unauthorized execution of functions within the application. If exploited, this could undermine the integrity and security of organizational data and operations, potentially leading to significant disruptions and unauthorized access to sensitive resources.

Technical Details

The flaw is rooted in the way AiCloud handles authentication requests. An attacker can leverage this vulnerability by sending specially crafted requests that bypass standard authentication mechanisms. This could grant the attacker access to features or functions that should be restricted, enabling them to potentially manipulate the system or retrieve sensitive information. Specific technical intricacies regarding the implementation of authentication within AiCloud contribute to the vulnerability’s exploitability.

Potential Impact of CVE-2025-2492

  1. Unauthorized Access: The vulnerability could allow attackers to gain unauthorized entry into the system, which might lead to the manipulation or exposure of sensitive files and data stored in the cloud service.

  2. Data Compromise: If the vulnerability is exploited, it could potentially result in data breaches where confidential organizational information is accessed, stolen, or altered, leading to reputational damage and regulatory issues.

  3. Operational Disruption: The unauthorized execution of functions could disrupt normal operations of the AiCloud service, affecting an organization’s ability to utilize cloud resources effectively and harming overall productivity.

Affected Version(s)

Router 3.0.0.4_382 series

Router 3.0.0.4_386 series

Router 3.0.0.4_388 series

News Articles

favicon imageLexology

CTIX FLASH Update - April 22, 2025

Recent cybersecurity investigations have unveiled a troubling array of threats endangering users and organizations alike. Researchers have uncovered…

favicon imageThe Hacker News

ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware

CVE-2025-2492 flaw in ASUS AiCloud routers allows remote control; firmware fix issued for 4 versions.

favicon imageBleepingComputer

ASUS warns of critical auth bypass flaw in routers using AiCloud

ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device.

References

https://www.asus.com/content/asus-product-security-advisory/
vendor-advisory

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 📈

    Vulnerability started trending

  • 💰

    Used in Ransomware

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by BleepingComputer

  • Vulnerability published

.
CVE-2025-2492 : Improper Authentication Control in AiCloud by ASUS