Cyber Posture

CVE-2025-59367

Critical

Published: 13 November 2025

Published
13 November 2025
Modified
06 February 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0024 47.8th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for…

more

more information.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the authentication bypass vulnerability by requiring timely remediation through application of ASUS firmware patches as specified in the security advisory.

AC-14 Permitted Actions Without Identification or Authentication good match
prevent

Prevents authentication bypass via alternate paths by explicitly identifying, documenting, and restricting actions permissible without identification and authentication to only essential ones.

IA-8 Identification and Authentication (Non-organizational Users) good match
prevent

Enforces identification and authentication for non-organizational users, countering remote unauthenticated access to the router's critical administrative functions.

Security SummaryAI

CVE-2025-59367 is an authentication bypass vulnerability affecting certain DSL series routers from ASUS. Classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and CWE-306 (Missing Authentication for Critical Function), it enables remote attackers to circumvent authentication mechanisms and gain unauthorized access to the affected system. The vulnerability received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and potential for high impact on confidentiality, integrity, and availability.

Remote, unauthenticated attackers can exploit this vulnerability over the network without user interaction or privileges. Successful exploitation grants unauthorized access to the router's administrative functions, potentially allowing full control over the device, including configuration changes, data exfiltration, or use as a pivot for further network compromise.

The ASUS Security Advisory, referenced at https://www.asus.com/security-advisory, provides details on mitigation in its 'Security Update for DSL Series Router' section, which likely includes firmware patches or updates to address the issue. Security practitioners should consult this advisory for model-specific remediation steps and apply updates promptly.

Details

CWE(s)
CWE-288CWE-306

Affected Products

asus
dsl-ac51 firmware
≤ 1.1.2.3_1010
asus
dsl-n16 firmware
≤ 1.1.2.3_1010
asus
dsl-ac750 firmware
≤ 1.1.2.3_1010

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The vulnerability is an authentication bypass in a public-facing DSL router management interface, enabling remote unauthenticated exploitation for initial access, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References