US EditionCISA Flags ASUS Live Update CVE, but the Attack Is Years Old
CVE-2025-59374 documents the 2018-19 ShadowHammer attack on ASUS Live Update, now listed in CISA’s catalog with a critical 9.3 score despite no active threat.
4 Articles
4 Articles
Not all CISA-linked alerts are urgent: ASUS Live Update CVE-2025-59374
An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. A closer look, however, shows the CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a new attack.
Cybercriminals are re-attacking a vulnerability with a severity score of 9.3 on ASUS laptops.
You thought your PC was armored with all your protections activated? Well, that was before Riot Games researchers (yes, the same guys behind League of Legends and Valorant) discovered a big UEFI flaw that affects the motherboards of the four largest manufacturers in the market, namely ASUS, Gigabyte, MSI and ASRock. The flaw is available in several CVEs according to the manufacturers (CVE-2025-11901 for ASUS, CVE-2025-14302 for Gigabyte, CVE-202…
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
