CVE-2025-59374
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-17

Last updated on: 2025-12-18

Assigner: ASUS

Description
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-17
Last Modified
2025-12-18
Generated
2026-05-07
AI Q&A
2025-12-17
EPSS Evaluated
2026-05-05
NVD
CVE-2025-59374
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
asus live_update to 3.6.8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-506 The product contains code that appears to be malicious in nature.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-59374 is a vulnerability involving a supply chain compromise of the ASUS Live Update client, a software pre-installed on ASUS notebook computers to deliver drivers and firmware updates. Certain versions of this client were modified with unauthorized malicious code by Advanced Persistent Threat (APT) groups, typically nation-state actors, targeting a very limited and specific group of users. These compromised versions could cause affected devices to perform unintended actions. ASUS has since released an updated version with enhanced security measures and provided tools for users to detect and remove the malware. [1]


How can this vulnerability impact me? :

If your ASUS notebook device was among the very limited and specific group targeted and had the compromised version of the Live Update client installed, it could have performed unintended malicious actions due to the implanted code. This could lead to unauthorized control or manipulation of your device. ASUS recommends affected users back up their files, restore their systems to factory settings, update passwords, and use the provided diagnostic tool to check for infection. However, devices not meeting the targeting conditions or using supported versions are not affected. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by using the ASUS Diagnostic Tool v1.0.1.0, which was developed and provided by ASUS to check if systems are affected by the compromised ASUS Live Update client. There are no specific commands provided in the resources for manual detection. Users are encouraged to run this diagnostic tool or contact ASUS support for assistance. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include: 1) Using the ASUS Diagnostic Tool to check if your system is affected. 2) If affected, immediately back up your files. 3) Restore your operating system to factory settings to completely remove the malware. 4) Regularly update your passwords to secure your information. Additionally, ensure that the ASUS Live Update software is updated to version 3.6.8 or later, which includes multiple security verification mechanisms and enhanced encryption to prevent malicious manipulation. [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart