BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

CISA Flags Critical ASUS Live Update Flaw Exploited in the Wild

CISA Adds Critical ASUS Live Update Vulnerability CVE-2025-59374 to Known Exploited Catalog, Urges Discontinuation by 2026

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability affecting ASUS Live Update to its Known Exploited Vulnerabilities catalog.
  • The flaw, CVE-2025-59374, involves an embedded malicious code vulnerability caused by a supply chain compromise.
  • The issue originated from a 2018 attack known as Operation ShadowHammer targeting select devices via their MAC addresses.
  • ASUS has ended support for the Live Update client as of December 4, 2025, recommending users upgrade to version 3.6.8 or later.
  • CISA advised federal agencies to discontinue use of the tool by January 7, 2026, due to ongoing security risks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included a critical vulnerability impacting ASUS Live Update software in its Known Exploited Vulnerabilities (KEV) catalog as of December 2025. This action was prompted by observed active exploitation of the flaw.

- Advertisement -

The vulnerability, tracked as CVE-2025-59374, received a CVSS score of 9.3 and involves malicious code embedded into the software through unauthorized changes made during a supply chain compromise. According to the CVE description, affected devices met specific targeting conditions and ran compromised versions of the Live Update client, which allowed attackers to cause the devices to perform unintended actions.

This vulnerability traces back to a supply chain attack uncovered in March 2019, when ASUS confirmed that an advanced persistent threat group had breached some of its servers. The incident, called Operation ShadowHammer by cybersecurity firm Kaspersky, took place between June and November 2018. The attackers embedded trojanized updates with a hard-coded list containing over 600 specific network adapter MAC addresses to target particular systems.

At that time, ASUS acknowledged the attack, stating, “A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group.” The company resolved the issue by releasing Live Update version 3.6.8.

Recently, ASUS formally announced the end of support (EOS) for the Live Update client as of December 4, 2025, with the final version being 3.6.15. Following this, CISA urged federal agencies still using the software to discontinue it by January 7, 2026, due to unresolved security concerns.

- Advertisement -

ASUS stated on a support page that it is committed to software security and encouraged users to update the Live Update software to version 3.6.8 or later to address security risks. The company offers automatic, real-time updates through the Live Update application to protect devices from vulnerabilities.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

LINE NEXT launches global stablecoin platform Unifi

LINE NEXT has launched Unifi, a non-custodial stablecoin platform, now available globally as it...

Saylor’s ‘Orange Dots’ Signal Fails to Clarify Bitcoin Strategy

Strategy founder Michael Saylor posted a cryptic signal on Sunday, prompting analysts to call...

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

Must Read

What Are Sniper Bots Used in Defi Trading?

You've heard about DeFi, but what about sniper bots? These high-speed trading tools are shaking up the crypto scene.But don't fret, you're not...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading