← Voltar para CVEs
CVE-2025-59374
CRITICALCISA KEV9.8
Descricao
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado12/17/2025
Ultima modificacao12/18/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorASUS
ProdutoLive Update
Nome da vulnerabilidadeASUS Live Update Embedded Malicious Code Vulnerability
Data inclusao KEV2025-12-17
Prazo de remediacao2026-01-07
Uso em ransomwareUnknown
Produtos afetados
asus:live_update
Fraquezas (CWE)
CWE-506
Referencias
https://www.asus.com/news/hqfgvuyz6uyayje1/(54bf65a7-a193-42d2-b1ba-8e150d3c35e1)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59374(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.