CVE-2025-59374
ASUS Live Update Embedded Malicious Code Vulnerability
CVSS
—
No CVSS
EPSS
1.1%
p62
KEV
YES
Dec 17, 2025
Exploit Today
69
0-100
Published: — · Last modified: —
Product
ASUS / Live Update
Vulnerability
ASUS Live Update Embedded Malicious Code Vulnerability
Added to KEV
Dec 17, 2025
Remediate by
Jan 7, 2026
Known ransomware use
No
Summary description
ASUS Live Update contains an embedded malicious code vulnerability client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes
https://www.asus.com/support/faq/1018727/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-59374
No related CVEs by CWE or product.