The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical ASUS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild.
CVE-2025-59374 affects ASUS Live Update software and stems from a sophisticated supply chain compromise that embedded malicious code into legitimate software distributions.
Supply Chain Attack Details
The vulnerability involves unauthorized modifications introduced through a supply chain compromise affecting ASUS Live Update.
Attackers successfully infiltrated the software distribution channel, allowing modified builds containing embedded malicious code to reach end users.
These compromised versions could trigger unintended actions on devices that met specific targeting conditions, suggesting a highly targeted attack campaign.
The vulnerability is classified under CWE-506 (Embedded Malicious Code).
This classification highlights the severity of supply chain attacks, where threat actors compromise trusted software before it reaches customers.
ASUS Live Update clients distributed during the compromise period are affected by this vulnerability.
CISA warns that impacted products may already be end-of-life (EoL) or end-of-service (EoS), complicating remediation efforts for organizations still using these versions.
Federal agencies have until January 7, 2026, to address this vulnerability according to CISA’s Binding Operational Directive 22-01.
Organizations are urged to apply mitigations per vendor instructions immediately or follow applicable guidance for cloud services.
If mitigation measures are unavailable, CISA recommends discontinuing use of the affected product entirely.
While it remains unknown whether CVE-2025-59374 has been leveraged in ransomware campaigns, its addition to the KEV catalog confirms active exploitation by threat actors.
The supply chain nature of this attack amplifies concerns, as compromised software can spread widely before detection.
Organizations using ASUS Live Update should immediately verify their software versions, review system logs for suspicious activity, and implement recommended security measures.
This incident underscores the growing threat of supply chain attacks targeting software update mechanisms to distribute malware.
