CVE-2025-59366
CVE-2025-59366
In short
A flaw in AiCloud allows attackers to skip authentication checks due to how Samba is configured, letting them run commands they shouldn't have access to. This puts your router and files at serious risk.
Technical detail
An authentication bypass exists in AiCloud stemming from Samba functionality misconfiguration (CWE-22, CWE-78), enabling unauthorized execution of privileged functions without proper credential validation. The vulnerability allows attackers to circumvent access controls and potentially achieve command execution on affected ASUS router systems.
Summary generated and translated by AI from the official description.
An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization.
Refer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more information.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
ASUS · RouterWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →