CVE 9.3 CRITICAL

CVE-2025-59374_CVE-2025-59374

December 16, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.

AI Analysis

Unauthorized modifications in the ASUS Live Update client could cause unintended actions on targeted devices.

Basic Information

ID CVE-2025-59374

Source ASUS

Published Dec 17, 2025 at 04:27

Affected Product

Vendor ASUS

Product live update

Version before 3.6.6

Affected Versions ASUS live update before 3.6.6

CWE Classification

CWE-506

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor ASUS

Product Live Update

Version before 3.6.6

References

www.asus.com /news/hqfgvuyz6uyayje1/

{
    "lastseen": "",
    "description": "\"UNSUPPORTED WHEN ASSIGNED\" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.",
    "published": "2025-12-17T04:27:06.885Z",
    "modified": "2025-12-17T04:27:06.885Z",
    "type": "cve",
    "title": "CVE-2025-59374",
    "source": "ASUS",
    "references": "https://www.asus.com/news/hqfgvuyz6uyayje1/",
    "id": "CVE-2025-59374",
    "bulletinFamily": "",
    "cwe": [
        "CWE-506"
    ],
    "cvelist": null,
    "sourceData": "ASUS live update before 3.6.6",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "live update",
    "version": "before 3.6.6",
    "vendor": "ASUS",
    "ai_description": "Unauthorized modifications in the ASUS Live Update client could cause unintended actions on targeted devices.",
    "ai_severity": "Critical",
    "ai_vendor": "ASUS",
    "ai_product": "Live Update",
    "ai_version": "before 3.6.6",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply