CVE-2025-59367

An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.asus.com/security-advisory	Vendor Advisory
https://www.asus.com/security-advisory	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:asus:dsl-ac51_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:dsl-ac51:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:asus:dsl-n16_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:dsl-n16:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:asus:dsl-ac750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:dsl-ac750:-:*:*:*:*:*:*:*

History

06 Feb 2026, 14:47

Type	Values Removed	Values Added
CWE		CWE-306
References	~~() https://www.asus.com/security-advisory -~~	() https://www.asus.com/security-advisory - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Asus Asus dsl-ac51 Firmware Asus dsl-ac51 Asus dsl-ac750 Asus dsl-n16 Asus dsl-n16 Firmware Asus dsl-ac750 Firmware
CPE		cpe:2.3:h:asus:dsl-ac51:-:::::::* cpe:2.3:o:asus:dsl-ac51_firmware:::::::: cpe:2.3:h:asus:dsl-ac750:-:::::::* cpe:2.3:o:asus:dsl-n16_firmware:::::::: cpe:2.3:h:asus:dsl-n16:-:::::::* cpe:2.3:o:asus:dsl-ac750_firmware::::::::

13 Nov 2025, 15:15

Type	Values Removed	Values Added
References	~~() https://www.asus.com/security-advisory -~~	() https://www.asus.com/security-advisory -

13 Nov 2025, 03:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-13 03:16

Updated : 2026-02-06 14:47

NVD link : CVE-2025-59367

Mitre link : CVE-2025-59367

CVE.ORG link : CVE-2025-59367

JSON object : View

Products Affected

asus

dsl-ac750
dsl-n16
dsl-ac51
dsl-n16_firmware
dsl-ac51_firmware
dsl-ac750_firmware

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2025-59367", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-11-13T03:16:26.327", "references": [{"url": "https://www.asus.com/security-advisory", "tags": ["Vendor Advisory"], "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}, {"url": "https://www.asus.com/security-advisory", "tags": ["Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "description": [{"lang": "en", "value": "CWE-288"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information."}], "lastModified": "2026-02-06T14:47:50.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:dsl-ac51_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09D3E242-53F7-4BE5-9D02-56512FD95835", "versionEndExcluding": "1.1.2.3_1010"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:dsl-ac51:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EAC348F1-6C46-4637-A27F-D69DD1AC77F5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:dsl-n16_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A363206E-339B-4515-ABAA-D558187D3308", "versionEndExcluding": "1.1.2.3_1010"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:dsl-n16:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FDF90D44-4CD7-4166-A139-9F4A8D14F483"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:dsl-ac750_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69C7FF0F-A0B6-4AFA-9CCD-6D96678D7E71", "versionEndExcluding": "1.1.2.3_1010"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:dsl-ac750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E54AD746-EEEE-4987-B343-36328D638398"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}