CVE-2025-59367 Overview
CVE-2025-59367 is an authentication bypass vulnerability affecting multiple ASUS DSL series routers. The flaw allows remote attackers to gain unauthorized access to the affected systems without valid credentials. ASUS has acknowledged the issue in its security advisory and released firmware updates for the impacted DSL router models.
The vulnerability is classified under [CWE-288] (Authentication Bypass Using an Alternate Path or Channel) and [CWE-306] (Missing Authentication for Critical Function). With a network-based attack vector requiring no user interaction or privileges, the issue presents a significant exposure for any DSL router reachable from the internet or untrusted networks.
Critical Impact
Remote, unauthenticated attackers can gain unauthorized administrative access to affected ASUS DSL routers, enabling traffic interception, configuration tampering, and pivoting into internal networks.
Affected Products
- ASUS DSL-AC51 (router and firmware)
- ASUS DSL-N16 (router and firmware)
- ASUS DSL-AC750 (router and firmware)
Discovery Timeline
- 2025-11-13 - CVE-2025-59367 published to NVD
- 2026-02-06 - Last updated in NVD database
Technical Details for CVE-2025-59367
Vulnerability Analysis
The vulnerability allows attackers to bypass the authentication mechanism on the affected ASUS DSL series routers. The combination of [CWE-288] and [CWE-306] indicates that the device exposes a critical administrative function through a path that either does not require authentication or accepts authentication via an alternate channel that an attacker can reach without valid credentials.
Because the attack vector is network-based and requires no user interaction, an adversary only needs reachability to the router's management interface. Exposure increases when remote administration is enabled on the WAN interface, but adjacent attackers on the LAN or Wi-Fi can also reach the management plane.
Successful exploitation grants unauthorized access to the router's administrative functions. From there, attackers can modify DNS settings, alter firewall rules, enable remote access services, deploy persistent configurations, or use the device as a foothold for further network intrusion.
Root Cause
The root cause is missing or improperly enforced authentication on a critical function within the router's web management interface. The presence of [CWE-306] suggests that at least one administrative endpoint can be invoked without credential validation. The accompanying [CWE-288] mapping indicates that the issue may also involve an alternate path, such as a debug, recovery, or legacy interface, that circumvents the normal login flow.
Attack Vector
Attackers send crafted HTTP or HTTPS requests to the router's management interface over the network. No prior authentication, user interaction, or privileged position is required. ASUS has not published exploitation details, and no public proof-of-concept code is currently available. Refer to the ASUS Security Advisory for technical details on the affected endpoints and patch notes.
The vulnerability is described in prose only. No verified exploit code is available at this time.
Detection Methods for CVE-2025-59367
Indicators of Compromise
- Unexpected changes to router DNS server configuration, firewall rules, or port forwarding entries.
- New or modified administrative accounts on the router, or login events from unfamiliar source IP addresses.
- Remote management or SSH/Telnet services enabled on the WAN interface when not previously configured.
- Unusual outbound connections from the router to unknown command-and-control infrastructure.
Detection Strategies
- Inspect router logs for administrative actions that lack a preceding successful authentication event.
- Compare current firmware versions against the patched releases listed in the ASUS Security Advisory.
- Scan internal and external networks for exposed management interfaces on affected DSL models.
Monitoring Recommendations
- Forward router syslog data to a centralized logging or SIEM platform for correlation and retention.
- Alert on configuration changes, firmware reflash events, and new administrative sessions on edge devices.
- Monitor for anomalous DNS resolver settings on client devices that may indicate router-level redirection.
How to Mitigate CVE-2025-59367
Immediate Actions Required
- Apply the latest firmware update for affected DSL-AC51, DSL-N16, and DSL-AC750 routers as published in the ASUS Security Advisory.
- Disable remote (WAN-side) administration on all DSL routers until patching is confirmed.
- Audit router configurations for unauthorized changes to DNS, firewall, and port forwarding settings.
- Rotate administrative passwords and any pre-shared keys after patching.
Patch Information
ASUS has released firmware updates addressing this vulnerability for the affected DSL series routers. Administrators should consult the ASUS Security Advisory under the "Security Update for DSL Series Router" section to obtain the specific firmware versions and installation instructions for each model.
Workarounds
- Restrict access to the router's management interface to trusted LAN hosts only.
- Disable WAN-side HTTP, HTTPS, SSH, and Telnet administration where supported.
- Place legacy or end-of-life DSL routers behind a separate firewall, or replace them with currently supported models.
# Configuration example: restrict management to LAN only
# (Apply via the router's web UI under Administration > System)
Enable Web Access from WAN: No
Enable Telnet: No
Enable SSH from WAN: No
Allowed Management IPs: <trusted internal subnet>
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
