CISA Warns of Exploited Flaw in Asus Update Tool

Posted on By CWS

The US cybersecurity company CISA on Wednesday warned that hackers have been exploiting a vital vulnerability within the now-discontinued Asus Dwell Replace utility.

The exploited flaw is tracked as CVE-2025-59374 (CVSS rating of 9.3) and is described as “an embedded malicious code vulnerability”.

CISA notes that the backdoor was launched in a provide chain compromise, and that the affected gadgets may very well be abused to carry out unintended actions, if sure situations have been met.

The warning refers to Operation ShadowHammer, a complicated provide chain assault mounted in 2018 by Chinese language state-sponsored hackers. The assault was linked to the ShadowPad backdoor and attributed to APT41 (additionally tracked as Brass Hurricane, Depraved Panda, and Barium).

As a part of the assault, the hacking group injected a backdoor into Asus Dwell Replace, a utility that got here pre-installed on most Asus gadgets and which was used for the automated updating of BIOS, UEFI, drivers, and different elements.

Whereas over 1 million Asus customers may need downloaded the backdoored utility, the hackers have been reportedly all for solely round 600 particular gadgets, based mostly on hashed MAC addresses hardcoded in varied variations of the instrument.

The assault was uncovered in January 2019 and Asus launched a patch by March the identical 12 months.

Asus earlier this month suggested that help for the Asus Dwell Replace software has been discontinued. The final Asus Dwell Replace model is 3.6.15.Commercial. Scroll to proceed studying.

Nonetheless, the corporate mentioned it might proceed to offer software program updates by way of the utility, urging customers to replace to model 3.6.8 or increased to resolve safety defects.

On Wednesday, CISA added CVE-2025-59374 to its Identified Exploited Vulnerabilities (KEV) catalog, warning of the Asus Dwell Replace backdoor and urging federal companies to cease utilizing the utility.

Per Binding Operational Directive (BOD) 22-01, federal companies have three weeks to determine susceptible merchandise of their environments and deal with the problem.

Associated: SonicWall Patches Exploited SMA 1000 Zero-Day

Associated: China-Linked Hackers Exploiting Zero-Day in Cisco Safety Gear

Associated: In-the-Wild Exploitation of Contemporary Fortinet Flaws Begins

Associated: Google Sees 5 Chinese language Teams Exploiting React2Shell for Malware Supply

Security Week News Tags:, , , , , ,

Related Posts

Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities Security Week News
Google Offers Up to $20,000 in New AI Bug Bounty Program Security Week News
In Other News: iOS 26 Deletes Spyware Evidence, Shadow Escape Attack, Cyber Exec Sold Secrets to Russia Security Week News
US Seeks Forfeiture of $7.74M in Cryptocurrency Tied to North Korean IT Workers Security Week News
ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities Security Week News
MATLAB Maker MathWorks Recovering From Ransomware Attack Security Week News