CVE-2025-59367

An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.asus.com/security-advisory	Vendor Advisory
https://www.asus.com/security-advisory	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:asus:dsl-ac51_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:dsl-ac51:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:asus:dsl-n16_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:dsl-n16:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:asus:dsl-ac750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:dsl-ac750:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-11-13 03:16

Updated : 2026-02-06 14:47

NVD link : CVE-2025-59367

Mitre link : CVE-2025-59367

CVE.ORG link : CVE-2025-59367

JSON object : View

Products Affected

asus

dsl-ac750
dsl-ac750_firmware
dsl-n16_firmware
dsl-ac51
dsl-n16
dsl-ac51_firmware

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2025-59367", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-11-13T03:16:26.327", "references": [{"url": "https://www.asus.com/security-advisory", "tags": ["Vendor Advisory"], "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}, {"url": "https://www.asus.com/security-advisory", "tags": ["Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "description": [{"lang": "en", "value": "CWE-288"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information."}], "lastModified": "2026-02-06T14:47:50.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:dsl-ac51_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09D3E242-53F7-4BE5-9D02-56512FD95835", "versionEndExcluding": "1.1.2.3_1010"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:dsl-ac51:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EAC348F1-6C46-4637-A27F-D69DD1AC77F5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:dsl-n16_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A363206E-339B-4515-ABAA-D558187D3308", "versionEndExcluding": "1.1.2.3_1010"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:dsl-n16:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FDF90D44-4CD7-4166-A139-9F4A8D14F483"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:dsl-ac750_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69C7FF0F-A0B6-4AFA-9CCD-6D96678D7E71", "versionEndExcluding": "1.1.2.3_1010"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:dsl-ac750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E54AD746-EEEE-4987-B343-36328D638398"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}