CVE-2025-59374 affects ASUS Live Update, a client-side software utility that was compromised through a supply chain attack that embedded malicious code in it. While it has a network attack vector and is listed in CISA KEV, it is a client application that is not typically internet-facing.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: OTHER
CVE Published: 2025-12-17
Added to CISA KEV: 2025-12-17 (0 days between CVE and KEV)
CISA KEV. The US cybersecurity agency CISA on Wednesday warned that hackers have been exploiting a critical vulnerability in the now-discontinued Asus Live Update utility. The exploited flaw is tracked as CVE-2025-59374 (CVSS score of 9.3) and is described as "an embedded malicious code vulnerability". CISA notes that the backdoor was introduced in a supply chain compromise, and that the affected devices could be abused to perform unintended actions, if certain conditions were met.
The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these ...
... Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active ... The vulnerability, tracked as CVE-2025-59374 (CVSS score: 9.3), has been described as an "embedded malicious code vulnerability" introduced by means of a supply chain compromise that could allow attackers to perform unintended actions. ...
CVE-2025-59374 is an instance of embedded malicious code in some builds of the ASUS Live Update client: a supply-chain compromise where unauthorized modifications were introduced into distributed installer/update packages.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-59374 (CVSS score: 9.3), has been described as an "embedded malicious code vulnerability" introduced by means of a supply chain ...