Security Vulnerability Report
CVE-2025-59374 CVSS 9.8 CRITICAL

CVE-2025-59374

Published: 2025-12-17 05:16:13
Last Modified: 2025-12-18 15:42:04
Source: 54bf65a7-a193-42d2-b1ba-8e150d3c35e1

Description

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:asus:live_update:*:*:*:*:*:*:*:* - VULNERABLE
ASUS Live Update client (affected builds)
ASUS Live Update < EOS version (all versions before October 2021)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-59374 PoC - ASUS Live Update supply-chain backdoor detection
# Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-59374
import hashlib
import json
import os
import subprocess
from datetime import datetime


def get_file_hash(filepath):
    """Calculate the SHA256 hash of a file; return None if it cannot be read."""
    sha256_hash = hashlib.sha256()
    try:
        with open(filepath, 'rb') as f:
            for byte_block in iter(lambda: f.read(4096), b""):
                sha256_hash.update(byte_block)
        return sha256_hash.hexdigest()
    except OSError:
        return None


def check_asus_live_update():
    """Check if ASUS Live Update is installed and verify its integrity."""
    results = {
        'cve_id': 'CVE-2025-59374',
        'check_date': datetime.now().isoformat(),
        'vulnerable_paths': [],
        'status': 'UNKNOWN'
    }

    # Common ASUS Live Update paths
    possible_paths = [
        r'C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe',
        r'C:\Program Files (x86)\ASUS\LiveUpdate\LiveUpdate.exe',
        r'C:\ProgramData\ASUS\LiveUpdate\LiveUpdate.exe'
    ]

    # Known malicious hashes (placeholder - update with actual IOCs).
    # Until real SHA256 values are supplied, is_malicious is always False.
    malicious_hashes = [
        'PLACEHOLDER_MALICIOUS_HASH_1',
        'PLACEHOLDER_MALICIOUS_HASH_2'
    ]
    # hexdigest() returns lowercase hex, so normalise the IOC list to match
    known_bad = {h.lower() for h in malicious_hashes}

    # Every binary found is recorded; only is_malicious marks a hash match
    for path in possible_paths:
        if os.path.exists(path):
            file_hash = get_file_hash(path)
            if file_hash:
                results['vulnerable_paths'].append({
                    'path': path,
                    'sha256': file_hash,
                    'is_malicious': file_hash in known_bad
                })

    # Check if LiveUpdate is running (tasklist is available on Windows only)
    try:
        result = subprocess.run(['tasklist'], capture_output=True, text=True)
        if 'LiveUpdate' in result.stdout:
            results['status'] = 'RUNNING_AND_POTENTIALLY_VULNERABLE'
        else:
            results['status'] = 'NOT_RUNNING'
    except (OSError, subprocess.SubprocessError):
        # tasklist missing or failed: status stays 'UNKNOWN'
        pass

    return results


def mitigation_recommendations():
    """Return mitigation steps for CVE-2025-59374."""
    return [
        'ASUS Live Update reached End-of-Support (EOS) in October 2021 - uninstall if installed',
        'Use alternative update methods from ASUS support website',
        'Block ASUS Live Update executable from network connections',
        'Monitor for suspicious network traffic from LiveUpdate processes',
        'Review system for Indicators of Compromise (IOCs)'
    ]


if __name__ == '__main__':
    print('CVE-2025-59374 Detection Script')
    print('ASUS Live Update Supply Chain Compromise Check')
    print('-' * 50)
    results = check_asus_live_update()
    print(json.dumps(results, indent=2))
    print('\nRecommended Actions:')
    for rec in mitigation_recommendations():
        print(f'  - {rec}')

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-59374", "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "published": "2025-12-17T05:16:13.080", "lastModified": "2025-12-18T15:42:03.790", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "\"UNSUPPORTED WHEN ASSIGNED\" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue."}], "metrics": {"cvssMetricV40": [{"source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", 
"modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "cisaExploitAdd": "2025-12-17", "cisaActionDue": "2026-01-07", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "ASUS Live Update Embedded Malicious Code Vulnerability", "weaknesses": [{"source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-506"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:asus:live_update:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.6.8", "matchCriteriaId": "649A2172-4D6A-491F-A8CF-1CD0D253B879"}]}]}], "references": [{"url": "https://www.asus.com/news/hqfgvuyz6uyayje1/", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "tags": ["Vendor Advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59374", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"]}]}}