ASUS Live Update < 3.6.8 Embedded Malicious Code (CVE-2025-59374)

The version of ASUS Live Update installed on the remote host is prior to 3.6.8 and, therefore, affected by an embedded malicious code vulnerability. - Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The...

CISA warns ASUS Live Update backdoor is still exploitable, seven years on

Recently, the Cybersecurity and Infrastructure Security Agency CISA added along with two others a vulnerability in ASUS Live Update to its catalog of Known Exploited Vulnerabilities KEV. The KEV catalog lists vulnerabilities that are known to be exploited in the wild and sets patch deadlines for...

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-59374 CVSS score: 9.3, has been described...

CVE-2025-59374

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...

CVE-2025-59374

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...

CVE-2025-59374

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...

CVE-2025-59374

The CVE-2025-59374 entry describes a supply-chain compromise in ASUS Live Update, where unauthorized modifications were distributed in several historical builds. Affected versions include ASUS Live Update prior to 3.6.8 and versions 3.6.8–3.6.15, with End-of-Support reached in October 2021. The v...

EUVD-2025-203872

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...

CVE-2025-59374

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...

CVE-2025-59374

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...

ASUS Live Update 安全漏洞

ASUS Live Update is an automated driver and firmware update tool from Asus China. A security vulnerability exists in ASUS Live Update, which stems from a supply chain attack that results in a tampered version, which could cause the device to perform unintended operations...

VulnCheck KEV: CVE-2025-59374

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...

ASUS Live Update Embedded Malicious Code Vulnerability

ASUS Live Update contains an embedded malicious code vulnerability client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. The impacted produc...

CVE-2022-36439

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers running Windows allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.e...

CVE-2022-36439

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers running Windows allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.e...

Operation ShadowHammer: a high-profile supply chain attack

In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility, which was featured in a Kim Zetter article on Motherboard. The topic was also one of the research announcements made at the SAS conference, whic...

Some ASUS Updates Drop Backdoors on PCs in 'Operation ShadowHammer'

A supply-chain attack dubbed “Operation ShadowHammer” has been uncovered, targeting users of the ASUS Live Update Utility with a backdoor injection. The China-backed BARIUM APT is suspected to be at the helm of the project. According to Kaspersky Lab, the campaign ran from June to at least Novemb...

Operation ShadowHammer

Earlier today, Motherboard published a story by Kim Zetter on Operation ShadowHammer, a newly discovered supply chain attack that leveraged ASUS Live Update software. While the investigation is still in progress and full results and technical paper will be published during SAS 2019 conference in...