CISA Warns Federal Agencies About Exploited Backdoor in Discontinued Asus Update Tool

CISA warns federal agencies of a critical Asus Live Update vulnerability, urging removal of the software linked to APT41's 2018 attack.

By Content Team

Dec 18, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

CISA added a critical vulnerability in Asus Live Update utility to its Known Exploited Vulnerabilities catalog Wednesday, warning federal agencies to stop using the now-discontinued software. The flaw (CVE-2025-59374) stems from Operation ShadowHammer, a 2018 supply chain attack by Chinese state-sponsored group APT41.

The hackers injected a backdoor into the pre-installed utility used for updating BIOS and drivers on Asus devices. While over 1 million users downloaded the compromised software, attackers targeted only about 600 specific devices based on hardcoded MAC addresses. Asus patched the issue in March 2019 after discovery.

Federal agencies have three weeks to identify and remove vulnerable products from their networks.

Source: Security Week

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Instagram Fixes Password Reset Bug as Old Data Leak Resurfaces

Jan 12, 2026

Bitwarden's CLI Tool Was Secretly Weaponized to Steal Cloud Credentials

Apr 25, 2026

Trellix Source Code Repository Breached in Suspected Supply Chain Attack

May 4, 2026

AI Recruiting Firm Mercor Hit by Major Supply Chain Attack

Apr 2, 2026