CVE-2025-59372: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in ASUS Router
A path traversal vulnerability has been identified in certain router models. A remote, authenticated attacker could exploit this vulnerability to write files outside the intended directory, potentially affecting device integrity. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
AI Analysis
Technical Summary
CVE-2025-59372 is a path traversal vulnerability classified under CWE-22, discovered in certain ASUS router firmware versions (3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102). The flaw allows a remote attacker with authenticated access to bypass directory restrictions and write files outside the designated directories on the device's filesystem. Because the pathname is not properly restricted, this can lead to unauthorized file modifications, potentially affecting the router's configuration or firmware integrity, or enabling persistence mechanisms for further attacks. The vulnerability requires the attacker to have high-level privileges (authenticated with elevated rights) but does not require user interaction. The CVSS v4.0 score is 6.9 (medium severity), reflecting network attack vector, low attack complexity, no user interaction, and high impact on integrity and availability. No known exploits have been reported in the wild as of the publication date (November 25, 2025). The vulnerability could be leveraged to alter critical system files, disrupt router operations, or facilitate further compromise of the network environment. The affected firmware versions are widely deployed in consumer and enterprise environments, making timely patching critical. ASUS has acknowledged the issue and recommends applying security updates as detailed in their advisory. This vulnerability highlights the risks associated with insufficient input validation and access control in embedded network devices.
Potential Impact
For European organizations, this vulnerability poses a significant risk to network perimeter security, especially for those relying on ASUS routers in critical infrastructure, enterprise, or SME environments. Exploitation could lead to unauthorized modification of router configurations or firmware, potentially resulting in network outages, interception or redirection of traffic, and persistence of malicious code within the network. The integrity and availability of network services could be compromised, impacting business continuity and data confidentiality. Given the medium severity and requirement for authenticated access, the threat is more pronounced in environments where administrative credentials are weak, reused, or exposed. The lack of known exploits currently reduces immediate risk but does not eliminate the potential for future attacks. European organizations with remote management enabled or insufficient network segmentation are particularly vulnerable. The impact extends to regulatory compliance concerns under GDPR if network compromise leads to personal data breaches.
Mitigation Recommendations
1. Immediately verify if your ASUS routers are running affected firmware versions (3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102) and prioritize upgrading to patched firmware as soon as ASUS releases updates.
2. Restrict administrative access to routers by limiting management interfaces to trusted networks and using VPNs or secure tunnels for remote access.
3. Enforce strong, unique passwords and implement multi-factor authentication for router administration to reduce the risk of credential compromise.
4. Regularly audit router configurations and logs for unauthorized changes or suspicious activity indicative of exploitation attempts.
5. Segment network infrastructure to isolate critical systems from devices with potential vulnerabilities.
6. Disable unnecessary services and remote management features on routers to minimize attack surface.
7. Employ network intrusion detection systems (NIDS) to monitor for anomalous traffic patterns that could indicate exploitation attempts.
8. Educate IT staff on the risks of path traversal vulnerabilities and the importance of timely patch management in embedded devices.
9. Maintain an inventory of network devices and their firmware versions to streamline vulnerability management processes.
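One way to carry out steps 1 and 9 against a device inventory, as an added example that is not part of the original advisory or any ASUS tooling. The inventory fields (`name`, `firmware`, `remote_mgmt`), the sample devices and their build numbers are constructed, and the version-string formats the parser accepts are an assumption; a branch match only means the device must be checked against the fixed build named in the ASUS advisory.

```python
import re

# Affected firmware branches, exactly as listed in the advisory text above.
AFFECTED_BRANCHES = {"3.0.0.4_386", "3.0.0.4_388", "3.0.0.6_102"}

# Assumption: devices report versions such as "3.0.0.4.388_24329",
# "3.0.0.4.386.51529" or the bare branch "3.0.0.4_388".
_VERSION_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)[._](\d+)(?:[._-].*)?\s*$")

# Constructed sample inventory (hypothetical devices and build numbers).
SAMPLE_INVENTORY = [
    {"name": "branch-office-1", "firmware": "3.0.0.4.388_24329", "remote_mgmt": True},
    {"name": "lab-ap", "firmware": "3.0.0.6.102_34791", "remote_mgmt": False},
    {"name": "hq-edge", "firmware": "3.0.0.4.386.51529", "remote_mgmt": False},
    {"name": "warehouse", "firmware": "", "remote_mgmt": True},
    {"name": "guest-wifi", "firmware": "9.0.0.4.388_1", "remote_mgmt": True},
]


def firmware_branch(version):
    """Normalise a reported version to its branch key, or None if unparseable."""
    m = _VERSION_RE.match(version or "")
    return f"{m.group(1)}_{m.group(2)}" if m else None


def triage(inventory):
    """Return (name, status, branch) rows, most urgent first."""
    rows = []
    for dev in inventory:
        branch = firmware_branch(dev.get("firmware"))
        if branch is None:
            status = "unknown-version"  # cannot rule the device out
        elif branch in AFFECTED_BRANCHES:
            # Branch match only: confirm the fixed build in the ASUS advisory.
            status = "affected-branch"
        else:
            status = "branch-not-listed"
        # Remote management enabled raises priority (mitigations 2 and 6).
        urgent = status != "branch-not-listed" and dev.get("remote_mgmt", False)
        rows.append((0 if urgent else 1, status, dev["name"], branch))
    rows.sort(key=lambda r: r[:3])  # priority, then status, then name
    return [(name, status, branch) for _, status, name, branch in rows]


if __name__ == "__main__":
    for name, status, branch in triage(SAMPLE_INVENTORY):
        print(f"{name:16} {status:18} {branch or '-'}")
```

Devices with an unparseable version are reported rather than dropped, so a gap in the inventory surfaces as work to do instead of a false all-clear.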
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: ASUS
- Date Reserved: 2025-09-15T01:36:47.358Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69255e2a292ce6fc00be0660
Added to database: 11/25/2025, 7:43:38 AM
Last enriched: 11/25/2025, 7:59:45 AM
Last updated: 11/25/2025, 8:59:54 AM