Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
Critical

Authentication Bypass in ASUS DSL Series Routers

IdentifiersCVE-2025-59367CWE-288· Authentication Bypass Using an…

CVE-2025-59367 is a critical authentication bypass vulnerability affecting certain ASUS DSL series routers, including DSL-AC51, DSL-N16, and DSL-AC750. According to ASUS and downstream advisories, the flaw may allow a remote attacker to bypass normal login controls and gain unauthorized access to the affected system or administrative interface without valid credentials. The public material provided does not identify the exact vulnerable function, request handler, or code path, but it consistently characterizes the issue as an authentication bypass in the router management plane. ASUS assigned fixed firmware version 1.1.2.3_1010 for supported affected models.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can give a remote attacker unauthorized administrative access to the router. From that position, the attacker may modify router configuration, change security settings, hijack or reroute network traffic, observe or intercept communications traversing the device, access sensitive information in transit, and potentially use the router as a foothold to affect connected systems. ASUS also notes that this class of flaw can enable persistent malware installation or botnet enrollment on exposed networking devices.

Mitigation

If you can’t patch tonight, do this now.

If patching is not immediately possible, reduce exposure of the management plane and internet-facing services. ASUS specifically recommends disabling all services accessible from the internet on unsupported/EOL devices, including remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP. More generally, restrict router administration to trusted internal networks or VPN-only access, disable remote management unless strictly required, review security settings for unnecessary exposure, use strong unique passwords for both Wi-Fi and router administration, avoid password reuse, and monitor device logs and vendor advisories. These measures reduce attack surface but do not fully eliminate risk.

Remediation

Patch, then assume compromise.

Apply the ASUS security update immediately. For the affected supported models identified in the provided content, ASUS released fixed firmware version 1.1.2.3_1010 for DSL-AC51, DSL-N16, and DSL-AC750. Firmware should be obtained from the relevant ASUS product page or the ASUS support/security advisory portal. For devices that are end-of-life and no longer receive firmware updates, replacement with a supported model is the appropriate remediation.
PUBLIC EXPLOITS

Exploits

No valid public exploits. Mallory filtered out 1 candidate as fakes, detection scripts, or README-only repos.

VALID 0 / 1 TOTALView more in app

All candidate exploits were filtered out by Mallory's validation.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
ASUSDsl-Ac51 Firmwareoperating_system
ASUSDsl-Ac750 Firmwareoperating_system
ASUSDsl-N16 Firmwareoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

20 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

20 SOURCESView more in app
thecyberexpress com vulnerabilitiesNews
Nov 21, 2025
CERT-In Warns of Critical Asus Router Flaw Exposing Millions in India

An authentication bypass vulnerability in ASUS DSL-series routers that allows remote, unauthorized access to the router administrative interface, enabling configuration tampering, traffic interception/rerouting, and potential compromise of connected devices.

Read more
bleeping computerNews
Nov 19, 2025
New WrtHug campaign hijacks thousands of end-of-life ASUS routers

Authentication bypass vulnerability in several ASUS AC-series router models; mentioned as fixed and not yet exploited, but potentially usable in future campaigns.

Read more
security online infoNews
Nov 14, 2025
Critical ASUS DSL Router Flaw (CVE-2025-59367, CVSS 9.3) Allows Unauthenticated Remote Access

A critical authentication bypass vulnerability in certain ASUS DSL Series routers that may allow remote, unauthenticated attackers to gain unauthorized access to the device.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity17

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-59367
NVD
nvd.nist.gov/vuln/detail/CVE-2025-59367
MITRE CWE · CWE-288
Authentication Bypass Using an Alternate Path…
Vendor Advisory
asus.com/security-advisory