Volerion logoVolerion
Volerion logoVolerion

Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

ASUS Live Update Client Supply Chain Compromise Vulnerability

Vulnerability

A vulnerability exists in certain versions of the ASUS Live Update client for notebooks, due to unauthorized modifications introduced through a supply chain compromise. This vulnerability affects devices that installed the compromised versions and met specific targeting conditions, allowing them to perform unintended actions. The Live Update client has reached End-of-Support in October 2021, and no currently supported devices are affected.

Impact

The vulnerability could allow compromised devices to perform unintended actions, potentially leading to unauthorized access or manipulation of system functions.

Remediation

ASUS has released a fixed version of the Live Update client (version 3.6.8) that addresses the vulnerability by introducing security verification mechanisms, enhancing encryption, and updating the software architecture to prevent similar attacks. Affected users are advised to restore their operating systems to factory settings and contact ASUS Customer Service for assistance.

Added: Dec 17, 2025, 5:17 AM
Updated: Dec 17, 2025, 8:50 PM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
0.6
exploitability
6.1
remediation
7.7
relevance
1.6
threat
8.4
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.