ASUS warns of critical auth bypass flaw in routers using AiCloud

ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. The vulnerability, tracked under CVE-2025-2492 and rated critical (CVSS v4 score: 9.2), is remotely exploitable via a specially crafted request and requires no authentication, making it particularly dangerous. "An improper authentication control vulnerability exists in certain ASUS router firmware series," reads the vendor's bulletin. "This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions." AiCloud is a cloud-based remote access feature built into many ASUS routers, turning them into mini private cloud servers. It allows users to access files stored on USB drives connected to the router from anywhere over the internet, stream media remotely, sync files between home networks and other cloud storage services, and share files with other ... Read full article.