Details of VAR-202511-2413

ID

VAR-202511-2413

CVE

CVE-2025-59372

TITLE

ASUS Router path traversal vulnerability (CNVD-2025-29937)

Trust: 0.6

sources: CNVD: CNVD-2025-29937

DESCRIPTION

A path traversal vulnerability has been identified in certain router models. A remote, authenticated attacker could exploit this vulnerability to write files outside the intended directory, potentially affecting device integrity. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. ASUS Router is a router product and accompanying management application launched by ASUS, primarily used for wireless connectivity and management in home and enterprise networks

Trust: 1.44

sources: NVD: CVE-2025-59372 // CNVD: CNVD-2025-29937

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-29937

AFFECTED PRODUCTS

vendor:	asus	model:	router 3.0.0.4 386	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	router 3.0.0.4 388	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	router 3.0.0.6 102	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-29937

CVSS

SEVERITY

CVSSV2

CVSSV3

54bf65a7-a193-42d2-b1ba-8e150d3c35e1:	CVE-2025-59372
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-29937
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-29937
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:N/AC:L/AU:M/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	6.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2025-29937 // NVD: CVE-2025-59372

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.0

sources: NVD: CVE-2025-59372

PATCH

title:

Patch for ASUS Router path traversal vulnerability (CNVD-2025-29937)

url:

https://www.cnvd.org.cn/patchInfo/show/777161

Trust: 0.6

sources: CNVD: CNVD-2025-29937

EXTERNAL IDS

db:	NVD	id:	CVE-2025-59372	Trust: 1.6
db:	CNVD	id:	CNVD-2025-29937	Trust: 0.6

sources: CNVD: CNVD-2025-29937 // NVD: CVE-2025-59372

REFERENCES

url:	https://www.asus.com/security-advisory/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-59372	Trust: 0.6

sources: CNVD: CNVD-2025-29937 // NVD: CVE-2025-59372

SOURCES

db:	CNVD	id:	CNVD-2025-29937
db:	NVD	id:	CVE-2025-59372

LAST UPDATE DATE

2025-12-19T23:00:11.660000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-29937	date:	2025-12-04T00:00:00
db:	NVD	id:	CVE-2025-59372	date:	2025-11-25T22:16:16.690

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-29937	date:	2025-12-03T00:00:00
db:	NVD	id:	CVE-2025-59372	date:	2025-11-25T08:15:53.180