← Volver a CVEs
CVE-2025-59374
CRITICALCISA KEV9.8
Descripcion
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/17/2025
Ultima modificacion12/18/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorASUS
ProductoLive Update
Nombre vulnerabilidadASUS Live Update Embedded Malicious Code Vulnerability
Fecha inclusion KEV2025-12-17
Fecha limite remediacion2026-01-07
Uso en ransomwareUnknown
Productos afectados
asus:live_update
Debilidades (CWE)
CWE-506
Referencias
https://www.asus.com/news/hqfgvuyz6uyayje1/(54bf65a7-a193-42d2-b1ba-8e150d3c35e1)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59374(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.