CVE-2025-59374

Dec. 18, 2025, 3:42 p.m.

9.3
Critical

Description

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.

Product(s) Impacted

Vendor Product Versions
Asus
  • Live Update
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-506
Embedded Malicious Code
The product contains code that appears to be malicious in nature.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a asus live_update / / / / / / / /

References

https://www.asus.com/news/hqfgvuyz6uyayje1/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59374

Tags

54bf65a7-a193-42d2-b1ba-8e150d3c35e1
2025-12-17
CVE-2025-59374

CVSS Score

9.3 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: Dec. 17, 2025, 5:16 a.m.
Last Modified: Dec. 18, 2025, 3:42 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

54bf65a7-a193-42d2-b1ba-8e150d3c35e1

Relations

Here is the list of observables linked to the vulnerability CVE-2025-59374 using threat intelligence.

  • Live Update
  • Live Update

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.