Authentication Bypass Vulnerability in AiCloud by ASUS
CVE-2025-59366

9.2 CRITICAL

Key Information:

Vendor: Asus

Status
Vendor
CVE Published: 25 November 2025

What is CVE-2025-59366?

The AiCloud product by ASUS is prone to an authentication-bypass vulnerability arising from an unintended side effect in its Samba functionality. This flaw may enable unauthorized users to execute certain functions without proper authorization, potentially compromising the integrity and security of affected systems. Users are advised to refer to ASUS's security advisory for further details and recommended mitigation measures.

Affected Version(s)

Router 3.0.0.4_386

Router 3.0.0.4_388

Router 3.0.0.6_102

CVSS V4

Score: 9.2
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nanyu Zhong of VARAS@IIE.