+49 155 609 62044valeri.milke@vamisec.com
Book an Appointment
← Back to BlogIT Security

CISA Flags Critical Vulnerability in ASUS Live Update Following Evidence of Active Exploitation

December 31, 2025

CISA Flags Critical Vulnerability in ASUS Live Update Following Evidence of Active Exploitation

Introduction

On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability in ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog. This action is based on evidence of active exploitation of this vulnerability in the wild.

Vulnerability Details

The vulnerability, classified as CVE-2025-59374 with a CVSS score of 9.3, has been described as an "embedded malicious code vulnerability" introduced through a supply chain compromise. This is a serious issue with significant implications for the security of affected systems.

Available Protective Measures

To protect against this and similar vulnerabilities, organizations should perform regular software updates, use security solutions such as firewalls and antivirus programs, and implement effective vulnerability management.

Industry Relevance

CISA has consistently highlighted vulnerabilities in the past and emphasized the importance of cybersecurity. Their flagship report highlights how critical it is to track vulnerabilities in real-time and take appropriate measures promptly.

Do you have questions about your organization's IT security?

Free Initial Consultation →