Asus has issued a critical security advisory regarding a high-severity vulnerability in its router firmware that exposes users to remote code execution (RCE) attacks. The flaw, assigned the identifier CVE-2025-593656, holds a severity score of 9.2 out of 10 and specifically compromises the AiCloud remote-access feature.
The core issue resides in the firmware’s interaction with Samba file-sharing code; a breakdown in this integration allows unauthenticated attackers to bypass security protocols and execute operating system commands without valid credentials. The advisory explicitly notes that “Qilin takes the blame” for the issue, suggesting a correlation between this vulnerability and the operations of the prominent ransomware group.
The vulnerability affects three specific firmware branches: 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102. Because the flaw is tied to the software rather than specific hardware architecture, it is difficult to generate a definitive list of affected models. However, any Asus router—including those that have reached “end-of-life” status—running these firmware versions with AiCloud enabled is considered vulnerable. This update is part of a broader security sweep by Asus, which addressed a total of nine vulnerabilities in this release, the majority of which were rated as medium to high severity.
For immediate mitigation, Asus advises users to update their firmware instantly. If an update is not feasible, users must disable AiCloud, Samba file-sharing, remote WAN access, and port-forwarding services to remove the attack vector. Strengthening administrative and Wi-Fi passwords is also recommended. This incident highlights the growing trend of threat actors targeting network gateways; it follows a similar critical authentication bypass fix in April and coincides with reports of “WrtHug” attacks actively abusing Asus router vulnerabilities to breach network perimeters.
