This isn’t the first time AiCloud routers have been targeted by malicious actors.
Asus has released new firmware to address nine security issues, including a critical vulnerability that enables full authentication on routers with AiCloud enabled.
Critical flaw
AiCloud transforms many Asus routers into personal cloud servers for remote access, media streaming, and storage. This feature contained a flaw (CVE-2025-59366) that could lead to unauthorized access to router functions through a Samba module update.
The attack is relatively easy to execute, requires no privileges, and needs no user interaction. Asus urges users to update their firmware as soon as possible.
Not all models will receive updates
Asus only specified which firmware versions fix the vulnerability, not which router models are exactly affected. For end-of-life devices that no longer receive updates, the company provides several measures to minimize risks:
- Disable all services accessible from the internet (remote access, port forwarding, DDNS, VPN server, DMZ, FTP…).
- Block external access to devices running AiCloud.
- Use strong passwords for both the admin panel and WiFi network.
- Series of previous attacks on Asus routers
This isn’t the first time AiCloud routers have been targeted by malicious actors, according to BleepingComputer. In April, Asus had to patch another serious vulnerability (CVE-2025-2492) that was already being actively exploited in Operation WrtHug. This operation resulted in thousands of outdated Asus routers being compromised worldwide. According to SecurityScorecard researchers, these devices are likely being used for Chinese cyber operations.