Back to KEVs

CVE-2025-59374

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced...

Basic Information

CVE State
PUBLISHED
Reserved Date
September 15, 2025
Published Date
December 17, 2025
Last Updated
February 26, 2026
Vendor
ASUS
Product
live update
Description
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.
Tags
cisa

CVSS Scores

CVSS v4.0

9.3 - CRITICAL

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2026-06-01 10:46:31 UTC) Source

References

https://www.asus.com/news/hqfgvuyz6uyayje1/

Known Exploited Vulnerability Information

Source Added Date
CVE 2026-06-01 10:46:31 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel