CISA reveals warning on Asus software flaw, here's what you need to do to stay safe
Date:
Thu, 18 Dec 2025 14:05:00 +0000
Description:
A poisoned Asus utility tool was found floating around the web, granting attackers abilities to "perform unintended actions".
FULL STORY ======================================================================
- CISA added a critical Asus Live Update supply-chain compromise (CVE-2025-59374) to KEV, tied to tampered installers distributed before 2021
- The flaw stems from the 2018-2019 incident, where attackers implanted malicious code on Asus update servers
- Federal agencies must remediate by January 7, and security firms urge private organizations to follow suit
The US Cybersecurity and Infrastructure Security Agency (CISA) recently added a new critical vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, meaning it has seen it being abused in the wild.
The vulnerability plagues Asus Live Update, a utility tool that comes preinstalled on many Asus laptops and desktops. It checks Asus servers for updates and installs them automatically, including BIOS files, firmware, drivers, and more.
According to the National Vulnerability Database (NVD), certain versions of the client were distributed with unauthorized modifications introduced through a supply chain compromise. These modified builds allow threat actors to perform unintended actions on devices that meet certain targeting conditions. It is also worth mentioning that the Live Update client reached end-of-support in October 2021.
The bug is now tracked as CVE-2025-59374 and was given a severity score of 9.3/10 (critical).
The Hacker News notes the vulnerability actually refers to a supply chain attack that was spotted in March 2019. Back then, ASUS acknowledged an advanced persistent threat group breaching some of its servers between June and November 2018.
"A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a
very small and specific user group," Asus noted back then, releasing version 3.6.8 to address the flaw.
Together with the Asus bug, CISA also added a Cisco flaw affecting multiple products, as well as a bug plaguing SonicWall SMA1000.
Usually, when CISA adds flaws to KEV, it means that Federal Civilian
Executive Branch agencies have a three-week deadline to patch up or stop
using the products entirely. For the ASUS flaw, agencies have until January 7 to address it.
While it is not mandatory for organizations in the private sector, security companies usually advise them to follow CISA's instructions, too.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/cisa-reveals-warning-on-asus-software-flaw-heres-what-you-need-to-do-to-stay-safe
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)