External risk intelligence

ASUS Live Update Supply Chain Compromise

CVE advisoryKnown Exploit

CVE-2025-59374

Supply chain compromise affected ASUS Live Update client versions with unauthorized modifications. Devices meeting specific conditions and using compromised versions could perform unintended actions. The client is end-of-support, so no current products are impacted, limiting business risk.

1Halo Surface Signal

Asus Live Update

before 3.6.8

External exposure likelihood

Halo Surface Signal score for CVE-2025-59374

The vulnerable component is a client-side software update utility installed on end-user devices. It is not an internet-facing service, API, or gateway. The risk is limited to the local execution environment of the client software, making public internet exposure and remote reachability in the context of an attack surface not applicable.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability involves unauthorized modifications to the ASUS Live Update client, introduced through a supply chain compromise. Modified versions of the client could allow affected devices to perform unintended actions. The impacted client has reached its end-of-support, and currently supported devices are not affected.

  • Vulnerable component: ASUS Live Update client
  • Core weakness: Unauthorized modifications during distribution
  • Main business impact: Unintended actions on affected devices

Attack Path

How an attacker could exploit the issue

This vulnerability involves unauthorized modifications to the ASUS Live Update client through a supply chain compromise. Organizations using the affected client versions may experience unintended actions on targeted devices. The Live Update client has reached its end-of-support, and no currently supported devices are impacted.

  • Exposure via modified client distribution.
  • Attacker exploits unauthorized modifications.
  • Triggering causes unintended actions.

Live Threat

Current exploitation, exposure, and threat context

This situation involved unauthorized modifications to the ASUS Live Update client through a supply chain compromise. Only devices meeting specific targeting conditions and utilizing these compromised versions were affected. The Live Update client has reached its End-of-Support, and currently supported products are not impacted by this issue.

  • Attackers with general skills.
  • Specific conditions and compromised software versions.
  • Minimal business risk due to End-of-Support.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability involved unauthorized modifications to the ASUS Live Update client through a supply chain compromise. The compromised versions could trigger unintended actions on devices meeting specific criteria. Importantly, the Live Update client reached its end-of-support in October 2021, and no currently supported ASUS devices or products are impacted by this issue.

  • Identify ASUS Live Update installations.
  • Discontinue use of the product.
  • Monitor for related security advisories.

Frequently asked questions

What is the ASUS Live Update client?

The ASUS Live Update client is a software utility designed to help users of ASUS devices keep their system firmware, drivers, and applications up to date. It typically automates the process of checking for, downloading, and installing these important updates provided by ASUS.

How does CVE-2025-59374 represent a supply chain weakness?

CVE-2025-59374 is classified as a CWE-506 weakness, indicating the presence of code that was not authorized by the owner. In this case, unauthorized modifications were introduced into the ASUS Live Update client during its distribution, meaning the software supply chain was compromised.

What conditions are needed for this CVE to trigger unintended actions?

The vulnerability in CVE-2025-59374 is triggered only when both specific targeting conditions are met on a device and that device has installed a version of the ASUS Live Update client that was compromised during its distribution. If either of these conditions is not present, the unintended actions are not performed.

Who should be concerned about this CVE, considering its Halo Surface Signal?

This CVE is of very low concern from an external attack surface perspective because the affected ASUS Live Update client is not an internet-facing component. Its risk is confined to the local execution environment of the client software on an end-user device, not a network gateway or public service.

What is the first step for running this technology, given it's end-of-support?

Since the ASUS Live Update client has reached its End-of-Support (EOS) status and is no longer officially supported by ASUS, the primary recommended action is to discontinue its use. Monitoring for any further security advisories from ASUS related to this or other legacy products is also prudent.

References

Sources and related resources

Primary sources: NVD, CVE.org, CISA KEV.

NVDPublished Modified