ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device.

The vulnerability, tracked under CVE-2025–2492 and rated critical (CVSS v4 score: 9.2), is remotely exploitable via a specially crafted request and requires no authentication, making it particularly dangerous.

“An improper authentication control vulnerability exists in certain ASUS router firmware series,” reads the vendor’s bulletin.