🚨 Critical Security Vulnerability
🆔 CVE-2025-2492
💣 CVSS Score: 9.2 (Critical)
📅 Published: 2025-04-18
🔹 Summary:
An improper authentication control vulnerability exists in ASUS AiCloud. This flaw can be exploited via a crafted request, potentially allowing unauthorized execution of functions.
🔸 Affected Software:
- ASUS AiCloud (specific vulnerable versions not specified)
🛠️ Recommended Actions:
- Update ASUS AiCloud to the latest version as recommended by the vendor.
- Refer to the ASUS Product Security Advisory for detailed guidance: ASUS Security Advisory
🧠 Technical Details:
- CWE ID: CWE-288 (Authentication Bypass Using an Alternate Path or Channel)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: Low
🔗 References:
%20Enables%20Remote%20Function%20Execution%20via%20Authentication%20Bypass){kind=link}