CISA Warns of Exploited Flaw in Asus Update Tool

CISA Warns of Exploited Flaw in Asus Update Tool

Posted on By CWS

The US cybersecurity company CISA on Wednesday warned that hackers have been exploiting a vital vulnerability within the now-discontinued Asus Dwell Replace utility.

The exploited flaw is tracked as CVE-2025-59374 (CVSS rating of 9.3) and is described as “an embedded malicious code vulnerability”.

CISA notes that the backdoor was launched in a provide chain compromise, and that the affected gadgets may very well be abused to carry out unintended actions, if sure situations have been met.

The warning refers to Operation ShadowHammer, a complicated provide chain assault mounted in 2018 by Chinese language state-sponsored hackers. The assault was linked to the ShadowPad backdoor and attributed to APT41 (additionally tracked as Brass Hurricane, Depraved Panda, and Barium).

As a part of the assault, the hacking group injected a backdoor into Asus Dwell Replace, a utility that got here pre-installed on most Asus gadgets and which was used for the automated updating of BIOS, UEFI, drivers, and different elements.

Whereas over 1 million Asus customers may need downloaded the backdoored utility, the hackers have been reportedly all for solely round 600 particular gadgets, based mostly on hashed MAC addresses hardcoded in varied variations of the instrument.

The assault was uncovered in January 2019 and Asus launched a patch by March the identical 12 months.

Asus earlier this month suggested that help for the Asus Dwell Replace software has been discontinued. The final Asus Dwell Replace model is 3.6.15.Commercial. Scroll to proceed studying.

Nonetheless, the corporate mentioned it might proceed to offer software program updates by way of the utility, urging customers to replace to model 3.6.8 or increased to resolve safety defects.

On Wednesday, CISA added CVE-2025-59374 to its Identified Exploited Vulnerabilities (KEV) catalog, warning of the Asus Dwell Replace backdoor and urging federal companies to cease utilizing the utility.

Per Binding Operational Directive (BOD) 22-01, federal companies have three weeks to determine susceptible merchandise of their environments and deal with the problem.

Associated: SonicWall Patches Exploited SMA 1000 Zero-Day

Associated: China-Linked Hackers Exploiting Zero-Day in Cisco Safety Gear

Associated: In-the-Wild Exploitation of Contemporary Fortinet Flaws Begins

Associated: Google Sees 5 Chinese language Teams Exploiting React2Shell for Malware Supply

Security Week News Tags:, , , , , ,

Related Posts

Android’s December 2025 Updates Patch Two Zero-Days Android’s December 2025 Updates Patch Two Zero-Days Security Week News
3.5 Million Affected by University of Phoenix Data Breach 3.5 Million Affected by University of Phoenix Data Breach Security Week News
Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense Security Week News
Intel and AMD Address 70 Security Weaknesses on Patch Tuesday Intel and AMD Address 70 Security Weaknesses on Patch Tuesday Security Week News
DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total  DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total  Security Week News
French Soccer Federation Hit by Cyberattack, Member Data Stolen French Soccer Federation Hit by Cyberattack, Member Data Stolen Security Week News