SQL Injection Vulnerability in ASUS Router Firmware
CVE-2025-59369

5.9MEDIUM

Key Information:

Vendor: Asus
Status: Router
Vendor: CVE Published:; 25 November 2025

What is CVE-2025-59369?

A SQL injection vulnerability has been discovered in ASUS router firmware, allowing a remote, authenticated attacker to execute arbitrary SQL queries. This exploitation could lead to unauthorized access to sensitive data within the database, posing serious risks to the integrity and confidentiality of user information. For mitigation, users are advised to review the security updates provided by ASUS.

Affected Version(s)

Router 3.0.0.4_386

Router 3.0.0.4_388

Router 3.0.0.6_102

References

https://www.asus.com/security-advisory/

vendor-advisory

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 25, 2025
Vulnerability Reserved
Sep 15, 2025

JSON

Asus

What is CVE-2025-59369?

Affected Version(s)

References

CVSS V4

Timeline