PromptRiskDBThreat intelligence atlas

CVE-2025-59374 - ASUS Live Update

AI Vulnerability Context

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached E...

Overview

A source-backed snapshot of this vulnerability.

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.

CISA KEVyesWhether CISA lists this as exploited.
Techniques0AI attack methods connected to this vulnerability.
Case studies0Examples where this vulnerability is mentioned.

Vulnerability status

How serious this vulnerability is and whether it is known to be exploited.

CISA KEVCRITICAL
CVE ID
CVE-2025-59374
Vendor/project
ASUS
Product
Live Update
Vulnerability name
ASUS Live Update Embedded Malicious Code Vulnerability
Date added
2025-12-17
Due date
2026-01-07
Known ransomware campaign use
Unknown
CVSS v3
9.8
CVSS v4
9.3
CWE-506

Exploit context

What the vulnerability is about.

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.

Source evidence

Original public records and references for this page.

Original source

Original source links

Open the public records and source datasets used for this page.