CVE-2025-59366 is a critical vulnerability identified in ASUS routers running firmware versions 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102. The root cause is a path traversal vulnerability (CWE-22) combined with command injection (CWE-78) that exists in the AiCloud feature, which is a cloud storage and remote access service integrated into ASUS routers. The vulnerability is triggered as an unintended side effect of the Samba functionality, a protocol used for file sharing. This flaw allows attackers to bypass authentication mechanisms and execute specific functions without proper authorization. The CVSS 4.0 vector indicates the attack can be performed remotely over the network (AV:N) without any privileges (PR:N) or user interaction (UI:N), making it highly exploitable. The vulnerability impacts confidentiality, integrity, and availability at a high level (VC:H, VI:H, VA:H), meaning attackers can potentially access sensitive data, alter configurations, or disrupt network services. While no public exploits have been reported yet, the critical nature and ease of exploitation make it a significant threat. The vulnerability was reserved in September 2025 and published in November 2025, with ASUS providing security advisories but no direct patch links included in the provided data. The combination of path traversal and command injection could allow attackers to execute arbitrary commands on the router, leading to full compromise of the device and potentially the internal network it protects.

For European organizations, this vulnerability poses a severe risk to network security and data confidentiality. ASUS routers are widely used in both consumer and small-to-medium enterprise environments across Europe. Exploitation could lead to unauthorized access to internal networks, interception or manipulation of data, and disruption of critical services. Organizations relying on these routers for remote access or cloud storage via AiCloud are particularly vulnerable. The ability to bypass authentication remotely without user interaction increases the likelihood of automated attacks and worm-like propagation. Critical infrastructure sectors such as finance, healthcare, and government agencies using affected ASUS routers could face operational disruptions and data breaches. Additionally, compromised routers could be leveraged as entry points for broader attacks, including lateral movement within corporate networks or launching attacks against other targets. The lack of known exploits currently provides a window for proactive mitigation, but the critical CVSS score underscores the urgency for European organizations to act swiftly.

1. Immediately verify the firmware version of all ASUS routers in use and prioritize upgrading to patched versions once ASUS releases them. 2. Until patches are available, disable the AiCloud feature and Samba services on affected routers to reduce the attack surface. 3. Implement network segmentation to isolate routers from critical internal systems and sensitive data repositories. 4. Employ strict firewall rules to limit inbound access to router management interfaces and Samba ports from untrusted networks. 5. Monitor router logs and network traffic for unusual activities indicative of exploitation attempts, such as unexpected command executions or unauthorized access patterns. 6. Use intrusion detection/prevention systems (IDS/IPS) tuned to detect path traversal and command injection attempts targeting routers. 7. Educate IT staff about this vulnerability and ensure rapid incident response capabilities are in place. 8. Consider replacing outdated or unsupported ASUS routers with devices that receive regular security updates and have robust security features. 9. Coordinate with ASUS support and subscribe to their security advisories to receive timely updates and patches. 10. Conduct regular security audits and penetration testing focusing on network perimeter devices like routers.