CVE-2025-59374
📋 TL;DR
This CVE describes a supply chain compromise where unauthorized modifications were introduced into certain ASUS Live Update client versions. The modified builds could cause targeted devices to perform unintended actions. Only devices that installed the compromised versions before the software reached end-of-support in October 2021 are affected.
💻 Affected Systems
- ASUS Live Update client
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing remote code execution, data theft, or ransomware deployment on targeted devices.
Likely Case
Malicious payload execution leading to backdoor installation, data exfiltration, or system disruption on specifically targeted devices.
If Mitigated
No impact if devices never installed the compromised versions or if the software has been removed.
🎯 Exploit Status
The vulnerability was actively exploited through the supply chain compromise. Exploitation requires the victim to have installed the malicious version.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: N/A
Vendor Advisory: https://www.asus.com/news/hqfgvuyz6uyayje1/
Restart Required: No
Instructions:
1. Uninstall ASUS Live Update client if present.
2. Verify no currently supported ASUS devices or products are affected.
3. The software reached End-of-Support in October 2021 and should not be in use.
🔧 Temporary Workarounds
Remove ASUS Live Update client
Windows: Uninstall the vulnerable software, since it is no longer supported.
Control Panel > Programs > Uninstall a program > Select ASUS Live Update > Uninstall
🧯 If You Can't Patch
- Network segmentation to isolate any devices with the vulnerable software
- Implement application allowlisting to prevent execution of unauthorized binaries
🔍 How to Verify
Check if Vulnerable:
Check if ASUS Live Update client is installed on Windows systems, particularly those from before October 2021.
Check Version:
wmic product get name,version | findstr /i /c:"ASUS Live Update"
Verify Fix Applied:
Confirm ASUS Live Update client is not installed or has been removed from the system.
📡 Detection & Monitoring
Log Indicators:
- Unusual process execution from ASUS Live Update directories
- Network connections from Live Update process to unexpected destinations
Network Indicators:
- Outbound connections from Live Update client to non-ASUS domains/IPs
- Unusual DNS queries from systems with Live Update installed
SIEM Query:
Process creation where parent process contains 'LiveUpdate' OR network connection where process name contains 'LiveUpdate'
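
The SIEM query and network indicators above, written out as a triage function over process-creation and network-connection records. This is an added example, not code from ASUS or from this advisory; the field names follow Sysmon events 1 and 3, and the `asus.com` allowlist suffix, the placeholder paths and the sample events are assumptions constructed for illustration. Unlike the query, it flags only connections to destinations outside the allowlist.

```python
import ntpath

# Assumption: expected destinations all sit under this suffix; adjust per environment.
ALLOWED_SUFFIXES = ("asus.com",)
MARKER = "liveupdate"  # substring taken from the SIEM query on this page


def _is_live_update(image):
    """True when the executable file name (not its directory) contains the marker."""
    return MARKER in ntpath.basename(image or "").lower()


def _host_allowed(host):
    """Match on a label boundary so 'asus.com.example.net' and 'notasus.com' fail."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)


def triage(events):
    """Return (reason, event) pairs for records matching the page's indicators."""
    hits = []
    for ev in events:
        if ev.get("EventID") == 1 and _is_live_update(ev.get("ParentImage")):
            hits.append(("child-process", ev))
        elif ev.get("EventID") == 3 and _is_live_update(ev.get("Image")):
            # A missing hostname (raw IP connection) is treated as unexpected.
            if not _host_allowed(ev.get("DestinationHostname")):
                hits.append(("unexpected-destination", ev))
    return hits


# Constructed sample records; paths and hosts are placeholders, not real indicators.
LU = r"C:\placeholder\LiveUpdate.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ParentImage": LU, "Image": r"C:\placeholder\child.exe"},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe", "Image": LU},
    {"EventID": 3, "Image": LU, "DestinationHostname": "www.asus.com"},
    {"EventID": 3, "Image": LU, "DestinationHostname": "asus.com.example.net"},
    {"EventID": 3, "Image": LU, "DestinationHostname": ""},
    {"EventID": 3, "Image": r"C:\placeholder\browser.exe",
     "DestinationHostname": "example.org"},
]

if __name__ == "__main__":
    for reason, ev in triage(SAMPLE_EVENTS):
        print(reason, ev)
```
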