{“lastseen”:”2025-12-19T16:27:04″,”description”:”Recently, the Cybersecurity and Infrastructure Security Agency (CISA) added (along with two others) a vulnerability in ASUS Live Update to its catalog of Known Exploited Vulnerabilities (KEV).\\n\\nThe KEV catalog lists vulnerabilities that are known to be exploited in the wild and sets patch deadlines for Federal Civilian Executive Branch (FCEB) agencies. When CISA adds an issue to this list, it\u2019s a strong signal that exploitation is real, ongoing, and urgent.\\n\\nThe ASUS Live Update Embedded Malicious Code vulnerability, tracked as CVE-2025-59374 (with a CVSS score of 9.3), affects Live Update, a utility commonly used to deliver firmware and software updates to ASUS devices.\\n\\nThis isn\u2019t the first time ASUS Live Update has been linked to serious security incidents. In 2019, ASUS responded to media reports about attacks on the Live Update tool by advanced persistent threat (APT) groups, stating that:\\n\\n\\u003e \u201cA small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group.\u201d\\n\\nLater investigations revealed that a sophisticated supply chain attack mounted in 2018, attributed to Chinese state-sponsored attackers, had inserted a backdoor into ASUS Live Update. The attack was particularly effective because that utility came preinstalled on most ASUS devices and was used to the automatically update BIOS, UEFI, drivers, and other components.\\n\\nCISA now notes that the affected devices could be abused to perform unintended actions if certain conditions are met. Originally, the attackers reportedly targeted only around 600 specific devices, based on hashed MAC addresses hardcoded in various versions of the tool. This was despite the fact that millions of users may have downloaded the backdoored utility.\\n\\nSupport for the ASUS Live Update application has since been discontinued. The final intended version of ASUS Live Update was 3.6.15, but it will continue to provide software updates. This is likely why a CVE was assigned and why the vulnerability was added to the KEV catalog. There was no official \u201cwhy now\u201d statement from ASUS, MITRE, or CISA, but the timing aligns with a legacy, end-of-support product being reclassified as a vulnerability with confirmed active exploitation.\\n\\n## What do ASUS users need to do?\\n\\nFirst of all, make sure you’re running a clean version of the utility. ASUS urges users to update to version **3.6.8 or later** to address known security issues.\\n\\n * Right-click the **ASUS Live Update** icon at the bottom-right corner of your Windows screen\\n * Click **About** to see the version information as the shown in the picture below. \\n\\n * If you are on an older version, open the program and click **Check update immediately**\\n * ASUS Live Update will automatically find the latest driver and utility.\\n * Click **Install**\\n * After updating, recheck and ensure it shows \\”No updates.\\”\\n\\n\\n\\nAlternatively, you can download and install the latest version manually. ASUS\u2019 own support article describes the only official way to get the current Live Update package:\u200b\\n\\n 1. Go to the ASUS Official Website (asus.com)\\n 2. Use the search box to find your exact model (e.g., UX580GD)\\n 3. Open the product page and click **Support** \u2192 **Driver \\u0026 Tools**\\n 4. Select your operating system (e.g., Windows 10\/11 64-bit).\u200b\\n 5. In the **Utilities** section, locate **ASUS Live Update** and click **Download**\\n\\n\\n\\nThis is as close as we could get you to a \u201cdirect\u201d official download. The URL is different for every model and ASUS does not provide a central Live Update installer directory. While this makes it harder than it maybe should be, we do recommend using this official download. Given the history of supply chain abuse involving this tool, downloading it from third-party sources is a risk not worth taking.\\n\\n* * *\\n\\n**We don\u2019t just report on threats\u2014we remove them**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.”,”published”:”2025-12-19T13:56:36″,”modified”:”2025-12-19T13:56:36″,”type”:”malwarebytes”,”title”:”CISA warns ASUS Live Update backdoor is still exploitable, seven years on”,”source”:””,”references”:””,”id”:”MALWAREBYTES:6D624CEBFD72DA1026C67EC1CB8AB4ED”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-59374″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/12\/cisa-warns-asus-live-update-backdoor-is-still-exploitable-seven-years-on”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-19T16:27:04″,”description”:”Recently, the Cybersecurity and Infrastructure Security Agency (CISA) added (along with two others) a vulnerability in ASUS Live Update to its catalog of Known Exploited…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,35,12,115,13,7,11,5],"class_list":["post-32258","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-malwarebytes","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n