CISA Warns of Exploited Flaw in Asus Update Tool

Posted on By CWS

The US cybersecurity company CISA on Wednesday warned that hackers have been exploiting a vital vulnerability within the now-discontinued Asus Dwell Replace utility.

The exploited flaw is tracked as CVE-2025-59374 (CVSS rating of 9.3) and is described as “an embedded malicious code vulnerability”.

CISA notes that the backdoor was launched in a provide chain compromise, and that the affected gadgets may very well be abused to carry out unintended actions, if sure situations have been met.

The warning refers to Operation ShadowHammer, a complicated provide chain assault mounted in 2018 by Chinese language state-sponsored hackers. The assault was linked to the ShadowPad backdoor and attributed to APT41 (additionally tracked as Brass Hurricane, Depraved Panda, and Barium).

As a part of the assault, the hacking group injected a backdoor into Asus Dwell Replace, a utility that got here pre-installed on most Asus gadgets and which was used for the automated updating of BIOS, UEFI, drivers, and different elements.

Whereas over 1 million Asus customers may need downloaded the backdoored utility, the hackers have been reportedly all for solely round 600 particular gadgets, based mostly on hashed MAC addresses hardcoded in varied variations of the instrument.

The assault was uncovered in January 2019 and Asus launched a patch by March the identical 12 months.

Asus earlier this month suggested that help for the Asus Dwell Replace software has been discontinued. The final Asus Dwell Replace model is 3.6.15.Commercial. Scroll to proceed studying.

Nonetheless, the corporate mentioned it might proceed to offer software program updates by way of the utility, urging customers to replace to model 3.6.8 or increased to resolve safety defects.

On Wednesday, CISA added CVE-2025-59374 to its Identified Exploited Vulnerabilities (KEV) catalog, warning of the Asus Dwell Replace backdoor and urging federal companies to cease utilizing the utility.

Per Binding Operational Directive (BOD) 22-01, federal companies have three weeks to determine susceptible merchandise of their environments and deal with the problem.

Associated: SonicWall Patches Exploited SMA 1000 Zero-Day

Associated: China-Linked Hackers Exploiting Zero-Day in Cisco Safety Gear

Associated: In-the-Wild Exploitation of Contemporary Fortinet Flaws Begins

Associated: Google Sees 5 Chinese language Teams Exploiting React2Shell for Malware Supply

Security Week News Tags:, , , , , ,

Related Posts

JPMorgan to Invest up to $10 Billion in US Companies with Crucial Ties to National Security Security Week News
Descope Raises $35 Million in Seed Round Extension Security Week News
Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week Security Week News
Google Launched Behind-the-Scenes Campaign Against California Privacy Legislation; It Passed Anyway Security Week News
Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack Security Week News
ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware Security Week News