- ASUS corrects a safety flaw of 9.2 in certain routers
- The fault comes from Aicloud, a personal cloud server functionality
- There is no evidence yet, but users should be wary
Asus has published a corrective for a vulnerability of critical severity affecting the routers with activated Aicloud which could allow threat actors to perform functions on the devices exposed remotely and without authorization.
It is followed as CVE-2025-2492 and received a gravity score of 9.2 / 10 (criticism). It can be used via a personalized request.
“This vulnerability can be triggered by a manufactured request, potentially leading to an unauthorized execution of functions,” says the NVD page.
Protect the device
Aicloud is an integrated feature in many ASUS routers that transforms the domestic network into a personal cloud server.
Users can then access, distribute, synchronize and share files stored on USB disks connected to anywhere with an internet connection.
The fault was found in the firmware versions published after February 2025, which means: 3.0.0.4_382, 3.0.0.4_386, 3.0.4_388 and 3.0.0.6_102.
According to Cyberiansider, these characteristics “often become attractive targets” for threat actors because they exhibit sensitive Internet data.
Therefore, it would be wise not to delay the deployment of the fix. Depending on the model, there are different versions of firmware that can be downloaded directly from the Asus website.
The defect also affects some end -of -life devices, which should now have a fully deactivated Aicloud. Internet access for WAN must also be deactivated, as well as port transfer services, DDNS, VPN Server, DMZ, Port trigger and FTP.
The company did not say that if the defect was mistreated in nature or not, but at the time of the press, it was not added to the Kev of Cisa, which is generally a good decisive document for actively exploited defects.
According to Bleeping CompomputeCritical CVSS notation “implies that exploitation could have a significant impact.” Asus also told its users to use unique and solid passwords to secure their wireless networks and their router administration pages.
This means making passwords at least 10 characters and making it a mixture of tiny and capital letters, figures and special symbols.
