ASUS Routers Hit by Critical AiCloud Security Flaw

ASUS has disclosed CVE-2025-2492, a critical authentication-bypass flaw (CVSS 9.2) affecting multiple router models that run the AiCloud remote-access feature. A crafted request lets remote attackers execute functions without logging in. ASUS has released patched firmware in the 382, 386, 388 and 102 branches and urges owners to update immediately. Owners of end-of-life models should disable AiCloud and close WAN-facing services. No active exploitation has been reported yet, but router flaws like this are often harvested for botnets, so fast patching is essential.

ASUS has warned customers about a serious vulnerability in several of its home and small-office routers. The bug, tracked as CVE-2025-2492 and scoring 9.2 / 10 on the CVSS scale, allows attackers on the internet to bypass login pages and run commands on devices that have the AiCloud feature switched on.

What’s AiCloud?
AiCloud turns your router into a personal cloud server, letting you stream or share files when you’re away from home. Unfortunately, the same convenience gives crooks a way in if the firmware is out of date.

Who’s Affected?
Routers running the 3.0.0.4_382, _386, _388 or 3.0.0.6_102 firmware streams are in scope. ASUS has published updated firmware for supported models; owners of end-of-life units should switch AiCloud off and close remote-access services such as DDNS or VPN.

What Should I Do?
1. Download the latest firmware from ASUS Support or via your router’s admin page.
2. Install it straight away, then reboot.
3. Use a strong, unique admin password (at least ten characters with numbers and symbols).
4. Consider disabling remote admin if you never use it.

There are no signs of live attacks yet, but history shows router flaws become targets quickly. A ten-minute firmware update today could save hours of clean-up later.