
CISA Warns of Exploited Flaw in Asus Update Tool

The US cybersecurity agency CISA on Wednesday warned that hackers have been exploiting a critical vulnerability in the now-discontinued Asus Live Update utility.

The exploited flaw is tracked as CVE-2025-59374 (CVSS score of 9.3) and is described as “an embedded malicious code vulnerability”.

CISA notes that the backdoor was introduced in a supply chain compromise, and that the affected devices could be abused to perform unintended actions, if certain conditions were met.

The warning refers to Operation ShadowHammer, a sophisticated supply chain attack mounted in 2018 by Chinese state-sponsored hackers. The attack was linked to the ShadowPad backdoor and attributed to APT41 (also tracked as Brass Typhoon, Wicked Panda, and Barium).

As part of the attack, the hacking group injected a backdoor into Asus Live Update, a utility that came pre-installed on most Asus devices and which was used for the automatic updating of BIOS, UEFI, drivers, and other components.

While over 1 million Asus users might have downloaded the backdoored utility, the hackers were reportedly interested in only around 600 specific devices, based on hashed MAC addresses hardcoded in various versions of the tool.

The attack was uncovered in January 2019 and Asus released a patch by March the same year.

Asus earlier this month advised that support for the Asus Live Update application has been discontinued. The last Asus Live Update version is 3.6.15.

However, the company said it would continue to provide software updates through the utility, urging users to update to version 3.6.8 or higher to resolve security defects.

On Wednesday, CISA added CVE-2025-59374 to its Known Exploited Vulnerabilities (KEV) catalog, warning of the Asus Live Update backdoor and urging federal agencies to stop using the utility.

Per Binding Operational Directive (BOD) 22-01, federal agencies have three weeks to identify vulnerable products in their environments and address the issue.
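The version guidance above can be applied to a software inventory export. The sketch below is an added example, not code from Asus, CISA or the original article. The CSV layout, host names and finding labels are constructed assumptions; only the product name and the 3.6.8 threshold come from the text. Versions are compared as integer tuples because a plain string comparison would rank 3.6.15 below 3.6.8.

```python
import csv
import io

# Values taken from the article.
PRODUCT = "asus live update"
MIN_FIXED = (3, 6, 8)  # Asus: update to version 3.6.8 or higher

# Constructed sample inventory; column names and hosts are assumptions.
SAMPLE_INVENTORY = """host,product,version
ws-001,ASUS Live Update,3.6.5
ws-002,ASUS Live Update,3.6.15
ws-003,Asus Live Update,3.6.8
ws-004,7-Zip,23.01
ws-005,ASUS Live Update,unknown
"""


def parse_version(text):
    """Return a tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv):
    """Map each host that has the utility installed to a finding label."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() != PRODUCT:
            continue
        version = parse_version(row["version"])
        if version is None:
            findings[row["host"]] = "unparsed-version"  # needs manual review
        elif version < MIN_FIXED:
            findings[row["host"]] = "below-3.6.8"
        else:
            # At or above 3.6.8, but the utility itself is discontinued
            # and CISA urges agencies to stop using it.
            findings[row["host"]] = "discontinued-present"
    return findings


if __name__ == "__main__":
    for host, finding in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, finding)
```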

This article was published by Security Week. Please check their website for the original content.
