Refine your search
2 vulnerabilities found for live update by ASUS
CVE-2025-59374 (GCVE-0-2025-59374)
Vulnerability from nvd
Published
2025-12-17 04:27
Modified
2025-12-18 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-506 - Embedded Malicious Code
Summary
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ASUS | live update |
Version: before 3.6.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59374",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-12-17",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59374"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T04:55:24.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59374"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "live update",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "before 3.6.6"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:live_update:before_3.6.6:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\"UNSUPPORTED WHEN ASSIGNED\"\u0026nbsp;Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise.\u0026nbsp;The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected.\u0026nbsp;The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue."
}
],
"value": "\"UNSUPPORTED WHEN ASSIGNED\"\u00a0Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise.\u00a0The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected.\u00a0The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-506",
"description": "CWE-506: Embedded Malicious Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T04:27:06.885Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.asus.com/news/hqfgvuyz6uyayje1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2025-59374",
"datePublished": "2025-12-17T04:27:06.885Z",
"dateReserved": "2025-09-15T01:36:47.359Z",
"dateUpdated": "2025-12-18T04:55:24.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59374 (GCVE-0-2025-59374)
Vulnerability from cvelistv5
Published
2025-12-17 04:27
Modified
2025-12-18 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-506 - Embedded Malicious Code
Summary
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ASUS | live update |
Version: before 3.6.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59374",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-12-17",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59374"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T04:55:24.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59374"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "live update",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "before 3.6.6"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:live_update:before_3.6.6:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\"UNSUPPORTED WHEN ASSIGNED\"\u0026nbsp;Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise.\u0026nbsp;The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected.\u0026nbsp;The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue."
}
],
"value": "\"UNSUPPORTED WHEN ASSIGNED\"\u00a0Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise.\u00a0The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected.\u00a0The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-506",
"description": "CWE-506: Embedded Malicious Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T04:27:06.885Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.asus.com/news/hqfgvuyz6uyayje1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2025-59374",
"datePublished": "2025-12-17T04:27:06.885Z",
"dateReserved": "2025-09-15T01:36:47.359Z",
"dateUpdated": "2025-12-18T04:55:24.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}