CISA Warns of Active Exploits in ASUS Live Update

December 18, 2025 at 12:00 AM

CISA has added a critical ASUS Live Update flaw to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation. Tracked as CVE-2025-59374 (CVSS 9.3), the issue stems from a supply chain compromise that injected malicious code into certain ASUS Live Update client builds, enabling unintended actions on targeted systems.

What happened

  • The vulnerability links back to Operation ShadowHammer, a coordinated supply chain attack disclosed in March 2019.
  • Kaspersky reported that attackers trojanized ASUS Live Update builds between June and November 2018, aiming at a very specific set of users.
  • Targeting relied on a hard-coded list of 600+ MAC addresses; only devices meeting those conditions and installing compromised versions were affected.
  • ASUS addressed the issue in Live Update version 3.6.8.

Why it matters now

  • CISA’s KEV entry signals confirmed in-the-wild exploitation, elevating urgency for remediation.
  • ASUS Live Update reached end-of-support (EOS) on December 4, 2025; the final release is version 3.6.15.
  • CISA is urging Federal Civilian Executive Branch (FCEB) agencies to discontinue use by January 7, 2026.

Recommended actions

  • Decommission ASUS Live Update: Plan immediate removal and replacement, especially in federal environments before the January 7, 2026 deadline.
  • If temporary use is unavoidable, upgrade to version 3.6.8 or later and verify official digital signatures and download sources.
  • Inventory and monitor: Identify systems with ASUS Live Update, validate versions, and monitor for unusual updater activity or network calls.
  • Review supply chain defenses: Tighten code-signing validation, asset allowlisting, and update distribution controls.
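The inventory and version-validation step above can be scripted against a software inventory export. The following is an added example, not part of the original article or any ASUS or CISA tooling; the CSV column names, host names and product display string are constructed assumptions, and only the version boundaries 3.6.8 and 3.6.15 come from the article.

```python
import csv
import io

FIXED = (3, 6, 8)    # first fixed release named in the article
FINAL = (3, 6, 15)   # final release before end-of-support

# Constructed sample export; columns and hosts are assumptions.
SAMPLE_INVENTORY = """host,product,version
ws-001,ASUS Live Update,3.6.5
ws-002,ASUS Live Update,3.6.8
ws-003,ASUS Live Update,3.6.15
ws-004,ASUS Live Update,3.7.1
ws-005,ASUS Live Update,unknown
ws-006,Other Updater,1.0.0
"""

def parse_version(text):
    """Return a 3+ component int tuple, or None if not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    while len(nums) > 3 and nums[-1] == 0:   # treat 3.6.8.0 as 3.6.8
        nums.pop()
    nums += [0] * (3 - len(nums))            # treat 3.6 as 3.6.0
    return tuple(nums)

def classify(version_text):
    """Map an installed version to a triage action."""
    v = parse_version(version_text)
    if v is None:
        return "investigate: unparseable version"
    if v < FIXED:
        return "remove now: predates 3.6.8 fix"
    if v > FINAL:
        # Nothing newer than 3.6.15 was released, so this is unexpected.
        return "investigate: above final release 3.6.15"
    return "schedule removal: fixed but end-of-support"

def triage(csv_text, product="ASUS Live Update"):
    """Return {host: action} for rows matching the product name."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r.get("version") or "")
            for r in rows
            if (r.get("product") or "").strip().lower() == product.lower()}

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```

Every matching host ends up with a removal or investigation action, since even fixed versions are past end-of-support.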

Key details at a glance

  • CVE: CVE-2025-59374
  • Severity: CVSS 9.3 (critical)
  • Vector: Supply chain compromise with embedded malicious code
  • Campaign: Operation ShadowHammer (2018), disclosed 2019 by Kaspersky
  • Fix: ASUS Live Update 3.6.8 and later; product EOS as of Dec 4, 2025; last version 3.6.15
  • Deadline: CISA urges discontinuation by Jan 7, 2026 (FCEB agencies)

ASUS statement: The company reaffirmed its commitment to security and advised users to update ASUS Live Update to version 3.6.8 or higher to address security concerns; however, with EOS in effect, organizations should plan for full deprecation.

Source: The Hacker News
