Search
Search
Published: December 22, 2025 | Source: Ethical Hacking | Author: Mark Campbell

Uninstall ASUS Live Update Immediately

US Government adds ASUS’ Live Update software to its “Known Exploited Vulnerabilities Catalog”

The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has added ASUS’ Live Update software to its “Known Exploited Vulnerabilities Catalog” over seven years after the vulnerability was uncovered. This is because the agency now believes that the vulnerability is being actively exploited.

ASUS suffered an APT (Advanced Persistent Threat) attack in 2018. Alleged “national-level” attackers compromised ASUS servers and delivered a malicious version of ASUS’ Live Update software to users. This meant that anyone who updated Live Update during that time received a malicious version of the software. Ethical Hacking has alleged that “over 1 million users” received this update. Live Update was shipped as part of all ASUS notebook computers at the time.

On December 17th, ASUS’ Live Update malicious code vulnerability was assigned the CVE-2025-59374 designation. Under CVSS 3.1 and CVSS 4.0 standards, the vulnerability has been given scores of 9.8 and 9.3, respectively—both rate this as a “Critical” vulnerability.

ASUS shipped malware to over 1 million users. From their official servers. Signed with their real certificates. CVE-2025-59374. CVSS 9.8 (NVD). CISA just added it to their Known Exploited Vulnerabilities list this week.
CVE-2025-59374
→ CVSS 9.8 (v3.1, NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
→ CVSS 9.3 (v4.0, ASUS/vendor)
Two scores, both official. NVD still uses CVSS 3.1, ASUS reports in the newer 4.0 standard. Either way: Critical.
This attack happened in 2018. But it just got a CVE number now. Seven years later.
Attackers broke into ASUS servers and injected a backdoor into ASUS Live Update. The tool that updates your BIOS, drivers, and firmware. Pre-installed on every ASUS notebook.
The attack has been attributed to APT41, also known as BARIUM or Winnti. This group is known for blending state-sponsored espionage with financially motivated cybercrime.
For 5 months, between June and November 2018, every ASUS user who ran an update potentially downloaded malware straight from official ASUS servers.

Previously, it was believed that this hack was used to target specific individuals. Now the CISA has added the vulnerability to its “Known Exploited Vulnerabilities Catalog”. This implies that attackers are actively exploiting the vulnerability.

While ASUS removed the exploited version of the tool from its website and released new, fixed, versions in 2019 (more info here), it appears that many PCs still carry the old/infected version of the software. If you own an ASUS notebook from that timeframe, your PC could be infected.

The CISA wants this exploit removed from all federal computers

The CISA has called on federal authorities to take action to ensure that all federal computers are no longer affected by this vulnerability. A deadline of January 7th, 2026, has been set for all government agencies to remove the software or apply mitigations. Since ASUS no longer supports this software, most agencies will remove this software from affected PCs.

ASUS | Live Update

CVE-2025-59374

ASUS Live Update Embedded Malicious Code Vulnerability: ASUS Live Update contains an embedded malicious code vulnerability client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-12-17
Due Date: 2026-01-07

CISA

Why you should just uninstall ASUS’ Live Update software

ASUS no longer supports its Live Update software. ASUS ended support for the software on December 4th 2025. Since ASUS has now abandoned the software, there is no reason for users to keep it installed on their systems. Anyone who has this software installed should uninstall it. Even if you use a newer, uncompromised version, there is no reason keep the software installed anymore.

While not all versions of ASUS’ Live Update software are infected, there is no reason why ASUS notebook users should still have this software. You could check to see if your version is compromised or not, or you could just remove the software.

We announced end of support for ASUS LiveUpdate on 2025/12/4, the last version is 3.6.15.

ASUS

You can join the discussion on CVE-2025-59374 on the OC3D Forums.

Mark Campbell

Mark Campbell

A Northern Irish father, husband, and techie that works to turn tea and coffee into articles when he isn’t painting his extensive minis collection or using things to make other things.

Follow Mark Campbell on Twitter
View more about me and my articles.

Latest News

Uh-oh! It looks like you're using an ad blocker.

OC3D relies on ads to provide free content and sustain our operations. By white listing us on your ad blocker, you help support us and ensure we can continue offering valuable content without any cost to you. We only run our own hand picked ads from Industry brands like MSI, BeQuiet, Sapphire and PC-Specialist - meaning they are all relevent to the content you are reading.

We truly appreciate your understanding and support. Thank you for considering whitelisting OC3D