CVE-2025-59367

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

n authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information.

References

Link	Resource
https://www.asus.com/security-advisory	Vendor Advisory
https://www.asus.com/security-advisory	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:asus:dsl-ac51_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:dsl-ac51:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:asus:dsl-n16_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:dsl-n16:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:asus:dsl-ac750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:dsl-ac750:-:*:*:*:*:*:*:*

History

06 Feb 2026, 14:47

Type	Values Removed	Values Added
CWE		CWE-306
References	~~() https://www.asus.com/security-advisory -~~	() https://www.asus.com/security-advisory - Vendor Advisory
CPE		cpe:2.3:o:asus:dsl-n16_firmware:::::::: cpe:2.3:o:asus:dsl-ac750_firmware:::::::: cpe:2.3:h:asus:dsl-ac51:-:::::::* cpe:2.3:h:asus:dsl-n16:-:::::::* cpe:2.3:h:asus:dsl-ac750:-:::::::* cpe:2.3:o:asus:dsl-ac51_firmware::::::::
First Time		Asus dsl-ac750 Asus Asus dsl-ac750 Firmware Asus dsl-n16 Firmware Asus dsl-ac51 Asus dsl-n16 Asus dsl-ac51 Firmware
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

13 Nov 2025, 15:15

Type	Values Removed	Values Added
References	~~() https://www.asus.com/security-advisory -~~	() https://www.asus.com/security-advisory -

13 Nov 2025, 03:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-13 03:16

Updated : 2026-02-06 14:47

NVD link : CVE-2025-59367

Mitre link : CVE-2025-59367

CVE.ORG link : CVE-2025-59367

JSON object : View

Products Affected

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2025-59367", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-11-13T03:16:26.327", "references": [{"url": "https://www.asus.com/security-advisory", "tags": ["Vendor Advisory"], "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}, {"url": "https://www.asus.com/security-advisory", "tags": ["Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "description": [{"lang": "en", "value": "CWE-288"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information."}], "lastModified": "2026-02-06T14:47:50.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:dsl-ac51_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09D3E242-53F7-4BE5-9D02-56512FD95835", "versionEndExcluding": "1.1.2.3_1010"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:dsl-ac51:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EAC348F1-6C46-4637-A27F-D69DD1AC77F5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:dsl-n16_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A363206E-339B-4515-ABAA-D558187D3308", "versionEndExcluding": "1.1.2.3_1010"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:dsl-n16:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FDF90D44-4CD7-4166-A139-9F4A8D14F483"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:dsl-ac750_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69C7FF0F-A0B6-4AFA-9CCD-6D96678D7E71", "versionEndExcluding": "1.1.2.3_1010"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:dsl-ac750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E54AD746-EEEE-4987-B343-36328D638398"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}