← Zuruck zu CVEs
CVE-2025-59374
CRITICALCISA KEV9.8
Beschreibung
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht12/17/2025
Zuletzt geandert12/18/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerASUS
ProduktLive Update
SchwachstellennameASUS Live Update Embedded Malicious Code Vulnerability
KEV Aufnahmedatum2025-12-17
Behebungsfrist2026-01-07
Ransomware-NutzungUnknown
Betroffene Produkte
asus:live_update
Schwachen (CWE)
CWE-506
Referenzen
https://www.asus.com/news/hqfgvuyz6uyayje1/(54bf65a7-a193-42d2-b1ba-8e150d3c35e1)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59374(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.