Command Injection Vulnerability in ASUS Router Firmware
CVE-2025-59370

7.5HIGH

Key Information:

Vendor: Asus
Status: Router
Vendor: CVE Published:; 25 November 2025

What is CVE-2025-59370?

A command injection vulnerability has been discovered in ASUS Router Firmware, allowing remote, authenticated attackers to exploit the flaw. By leveraging this vulnerability, attackers could execute arbitrary commands, potentially leading to unintended instructions being carried out by the device. This raises serious concerns regarding device integrity and security management.

Affected Version(s)

Router 3.0.0.4_386

Router 3.0.0.4_388

Router 3.0.0.6_102

References

https://www.asus.com/security-advisory/

vendor-advisory

CVSS V4

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 25, 2025
Vulnerability Reserved
Sep 15, 2025

JSON

Asus

What is CVE-2025-59370?

Affected Version(s)

References

CVSS V4

Timeline