CVE-2025-12003 is a vulnerability identified in ASUS routers running firmware versions 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102. The vulnerability involves a path traversal flaw within the WebDAV service implementation, which allows unauthenticated remote attackers to access and potentially modify sensitive files on the device. The root cause is missing authentication for critical functions (CWE-306), meaning that the WebDAV interface does not properly verify user credentials before permitting access to sensitive operations. Additionally, the path traversal issue (CWE-22) enables attackers to navigate outside the intended directory structure, further facilitating unauthorized file access or modification. The CVSS 4.0 score of 8.2 reflects the high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on integrity (VI:H). The vulnerability does not affect confidentiality or availability directly but compromises the integrity of the router’s firmware or configuration files, potentially allowing attackers to implant malicious code or disrupt normal operations. Although no known exploits have been reported in the wild, the ease of exploitation and lack of authentication make this a critical concern. The vulnerability was publicly disclosed on November 25, 2025, with ASUS providing security advisories but no direct patch links included in the provided data. The affected routers are commonly used in both consumer and enterprise environments, making the threat relevant to a broad user base.

For European organizations, this vulnerability poses a significant risk to network security and operational stability. Compromise of ASUS routers through this flaw could allow attackers to alter device configurations, inject malicious firmware, or disrupt routing functions, potentially leading to network outages or man-in-the-middle attacks. Critical infrastructure sectors such as finance, healthcare, and government agencies that rely on these routers for secure communications could face data integrity breaches or service disruptions. The unauthenticated nature of the exploit increases the likelihood of automated scanning and exploitation attempts, raising the threat level. Additionally, compromised routers could serve as footholds for lateral movement within corporate networks or as platforms for launching further attacks. The impact extends beyond individual organizations to national cybersecurity posture, especially where ASUS routers are widely deployed in public sector or critical infrastructure networks.

1. Immediate application of the latest firmware updates from ASUS once available, as these will address the authentication and path traversal issues. 2. Disable the WebDAV service on affected routers if it is not essential to operations, thereby removing the attack surface. 3. Implement network segmentation to isolate critical router management interfaces from general network access, limiting exposure to external attackers. 4. Employ strict firewall rules to restrict access to router management ports and WebDAV services only to trusted IP addresses. 5. Monitor network traffic for unusual WebDAV requests or path traversal patterns indicative of exploitation attempts. 6. Conduct regular security audits and vulnerability scans on network devices to detect outdated firmware or misconfigurations. 7. Educate IT staff on the risks associated with router vulnerabilities and the importance of timely patch management. 8. Consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures tuned to detect exploitation attempts targeting this vulnerability.