CVE-2025-59374
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-59374
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
内嵌的恶意代码
Source: NVD (National Vulnerability Database)
Vulnerability Title
ASUS Live Update 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ASUS Live Update是中国华硕(ASUS)公司的一款自动驱动与固件更新工具。 ASUS Live Update存在安全漏洞,该漏洞源于供应链攻击导致版本被篡改,可能导致设备执行非预期操作。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ASUS | live update | before 3.6.6 | - |
II. Public POCs for CVE-2025-59374
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-59374
请登录查看更多情报信息。
- https://www.asus.com/news/hqfgvuyz6uyayje1/vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-59374
Same Patch Batch · ASUS · 2025-12-17 · 3 CVEs total
| CVE-2025-11775 | ASUS Armoury Crate 安全漏洞 | |
| CVE-2025-11901 | ASUS Motherboards 安全漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-506
- CVE-2026-6443
Essentialplugin Plugins (Various Versions) - Injected Backdo - CVE-2026-34424
Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Acces - CVE-2026-33634
Trivy ecosystem supply chain briefly compromised - CVE-2026-31976
xygeni-action v5 tag poisoned with C2 backdoor - CVE-2026-28353
Trivy Vulnerability Scanner: Unauthorized AI Agent Execution
V. Comments for CVE-2025-59374
No comments yet