Affected Vendors
- ASUS: 9 CVEs
- Palo Alto Networks: 1 CVE
Overview
This week brought 10 new router-related CVEs, with ASUS dominating the list at 9 vulnerabilities. Several of them carry concerning CVSS scores and real security implications, even where the severity rating looks modest on paper. The good news: most require some level of authentication, limiting exposure to external attackers.
ASUS — 9 CVEs Across Multiple Components
ASUS routers face a broad range of vulnerabilities spanning cloud features, local privilege escalation, and file access controls:
- CVE-2025-59366 (CVSS 9.2) — AiCloud Authentication Bypass: An unintended interaction between the Samba file-sharing service and AiCloud creates an authentication bypass. This is the highest-scoring vulnerability this week and warrants immediate attention if you run ASUS routers with AiCloud enabled.
- CVE-2025-12003 (CVSS 8.2) — WebDAV Path Traversal: An unauthenticated attacker can exploit a path traversal flaw in WebDAV to modify device files. This is particularly dangerous because it requires no authentication, so anyone who can reach the WebDAV service can exploit it, including from the public internet where the service is exposed.
- CVE-2025-59373 (CVSS 8.5) — System Control Interface Privilege Escalation: A local privilege escalation in the restore mechanism allows unprivileged users to escalate permissions. This is a risk if you allow local access to your router or have compromised accounts.
- CVE-2025-59370 (CVSS 7.5) — bwdpi Command Injection: The bandwidth deep-packet inspection (DPI) component is vulnerable to command injection by authenticated attackers, potentially leading to full device compromise.
- CVE-2025-59371 (CVSS 7.5) — IFTTT Authentication Bypass: The IFTTT integration feature contains an authentication bypass, allowing authenticated users to gain unauthorized access to additional features or functions.
- CVE-2025-59372 (CVSS 6.9) — Path Traversal in File Operations: Authenticated attackers can write files outside intended directories, potentially overwriting system files.
- CVE-2025-59365 (CVSS 6.9) — Stack Buffer Overflow: A buffer overflow in certain models can be triggered via crafted requests, risking device crash or code execution.
- CVE-2025-59368 (CVSS 6.0) — AiCloud Integer Underflow: An authenticated attacker can trigger a denial-of-service condition through a crafted request.
- CVE-2025-59369 (CVSS 5.9) — bwdpi SQL Injection: The DPI component also contains SQL injection flaws that allow authenticated attackers to query or modify the device database.
Palo Alto Networks — 1 CVE
CVE-2025-20373 (CVSS 2.7) — Splunk Add-on Information Disclosure: The Splunk Add-on for Palo Alto Networks versions below 2.0.2 exposes client secrets in plain text within the _internal index. While the CVSS score is low, exposed API credentials pose a real security risk. If you use this add-on, update to version 2.0.2 or later immediately.
What You Should Do
- ASUS users: Check your router model against ASUS security advisories for firmware patches addressing these nine CVEs. Pay special attention to CVE-2025-59366 and CVE-2025-12003, which pose the highest external attack risk.
- Disable unnecessary features: If you don't use AiCloud, WebDAV, or IFTTT integration, disable them to reduce your attack surface.
- Palo Alto Networks users: Verify your Splunk Add-on version and upgrade to 2.0.2+ if running an older version. Review logs for any unauthorized access attempts.
- Monitor for patches: Check vendor security pages regularly this week for firmware updates addressing these issues.