CVE-2025-59372: Urgent Security Alert – Path Traversal Vulnerability in ASUS Routers

Overview

CVE-2025-59372 describes a path traversal vulnerability affecting certain ASUS router models. This vulnerability could allow a remote, authenticated attacker to write files outside of the intended directory on the affected device, potentially compromising its integrity and security.

Technical Details

The vulnerability lies in how the router handles file paths within a specific functionality (further details are available in the ASUS Security Advisory). By manipulating the file path during a write operation, an attacker with valid authentication credentials can bypass directory restrictions and write files to arbitrary locations on the router’s file system. This could involve overwriting critical system files, injecting malicious code, or modifying router configurations.

CVSS Analysis

While the official CVSS score is currently listed as N/A, it’s important to understand the potential severity of this vulnerability. A successful path traversal attack could lead to significant compromise. A manual CVSS score calculation, taking into account the requirement for authentication, the potential for file modification, and the wide range of potential impacts, could easily fall in the Medium to High range depending on the specifics of the exploitable function and system privileges.

Possible Impact

A successful exploit of CVE-2025-59372 could lead to several serious consequences, including:

• Device Compromise: Complete control of the affected router.
• Malware Injection: Installation of malware that could intercept network traffic, redirect users to malicious websites, or participate in botnet activities.
• Data Theft: Access to sensitive data stored on the router’s configuration files or related systems.
• Denial of Service: Rendering the router unusable, disrupting network connectivity for all connected devices.
• Configuration Manipulation: Changing DNS settings or other critical settings to redirect traffic.

Mitigation and Patch Steps

The primary mitigation is to update your ASUS router firmware to the latest version as soon as possible. ASUS has released a security update addressing this vulnerability. Follow these steps:

1. Visit the ASUS Security Advisory page for more information and to identify if your router model is affected.
2. Navigate to the ASUS support website for your specific router model.
3. Download the latest firmware available for your router.
4. Follow the instructions provided by ASUS to update your router’s firmware. This typically involves logging into the router’s web interface and uploading the firmware file.
5. After the update, reboot your router.
6. Important: Always download firmware updates directly from the official ASUS website to avoid installing malicious firmware.

If a firmware update is not yet available for your specific model, consider temporarily disabling remote management features on your router and enabling strong passwords.

References

• ASUS Security Advisory: https://www.asus.com/security-advisory/
• NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59372 (This URL will likely be valid in the future. It is included for completeness.)