Gamers Nexus highlights Asus vulnerabilities as 2025 exploits hit routers and bloatware

Gamers Nexus identifies four primary security threats: Asus routers, DriverHub, MyAsus/RMA, and Armory Crate. Among them, the “AyySSHush” campaign (a.k.a. Ace Hush) is actively exploiting ASUS routers. Analysis by GreyNoise shows attackers are using brute-force, authentication bypasses, CVE‑2023‑39780 command injection, and reliance on built‑in ASUS AiProtection settings to install SSH backdoors in non‑volatile memory—surviving both reboots and firmware updates, prompting urgent calls to update firmware and perform factory resets.

Security researcher Paul “Mr. Bruh,” cited by Gamers Nexus, discovered a zero-click remote code execution vulnerability in Asus DriverHub and hardcoded administrator credentials within MyAsus and the RMA portal—exposing user data including names, birthdates, addresses, and phone numbers. Though ASUS deployed patches in May 2025, Gamers Nexus criticizes the response as token credit acknowledgements with no meaningful bug bounty incentives.

Cisco Talos researcher Marson Icewall Noga also documented two kernel-level exploits in Armory Crate’s ASIO3 driver, enabling physical memory mapping and low-level hardware access. Even with security updates, Gamers Nexus warns that Armory Crate continues to reinstall itself through BIOS settings and Windows firmware updates, effectively acting like elevated-risk bloatware. The recommendation remains: uninstall non-essential Asus utilities, disable BIOS installation toggles, and keep firmware current.

According to Gamers Nexus, Asus's continued rollout of motherboard-level utilities coupled with ignored software and router exploits creates an unnecessary and persistent attack surface. Users should proactively uninstall risky tools, disable bloatware mechanisms, and update router and system firmware immediately—especially as some exploits remain active despite official patches.