Affected Vendors
- ASUS — 3 CVEs (all high severity)
- Edimax — 1 CVE (high severity)
Overview
This week brought four high-severity vulnerabilities affecting router and embedded Linux systems. While the volume is modest, the impact ranges from remote code execution to use-after-free bugs in kernel subsystems. Network administrators should prioritize the Edimax router flaw while monitoring ASUS ecosystem updates for kernel patches.
Critical Alert: Edimax RCE
CVE-2025-56706 (CVSS 8.0) is the most immediately actionable threat this week. Edimax BR-6473AX routers running firmware v1.0.28 and possibly earlier versions contain a remote code execution vulnerability in the openwrt_getConfig function. An attacker can exploit the Object parameter to achieve unauthenticated RCE on affected devices. If you manage Edimax BR-6473AX units, check for available firmware updates immediately and apply them without delay. This vulnerability requires no user interaction and could lead to complete device compromise.
ASUS Linux Kernel Issues
Three high-severity vulnerabilities affect ASUS-branded devices through Linux kernel flaws:
- CVE-2025-39837 (CVSS 7.8) addresses a race condition in
asus-wmidriver registration that could be exploited during concurrent driver initialization. - CVE-2025-39824 (CVSS 7.8) fixes a use-after-free (UAF) vulnerability in the ASUS HID subsystem triggered after
hid_hw_start()execution. - CVE-2023-53235 (CVSS 7.8) corrects a UAF condition in DRM kernel test helpers that could affect driver stability.
These are kernel-level issues, so patches will arrive through firmware updates specific to your ASUS router model. Check ASUS support pages for the latest firmware releases and apply them to affected devices.
Recommendation
Prioritize Edimax BR-6473AX patching this week, then work through your ASUS device inventory for kernel updates over the next deployment cycle.