ASUS Discontinues File Shredder Feature After Critical Vulnerability Discovery
ASUS has removed the File Shredder feature from its Business Manager software following the identification of a critical security flaw, CVE-2025-13348. The vulnerability, disclosed in a security bulletin on February 2, 2026, affects ASUS Business Manager version 3.0.36.0 and earlier, posing significant exploitation risks.
Instead of issuing a patch, ASUS opted for a complete removal of the feature, signaling the severity of the issue. Updated versions of the software no longer include File Shredder, eliminating the attack vector. Users are urged to upgrade to versions beyond 3.0.36.0 to mitigate exposure.
The flaw underscores the broader threat landscape, as ASUS has released 89 security advisories in 2025 and early 2026 for products including routers, UEFI firmware, and MyASUS. The company, a CVE Numbering Authority (CNA) and FIRST member, adheres to ISO 29147:2018 and ISO 30111:2019 standards for vulnerability management.
Organizations using ASUS Business Manager should verify the absence of File Shredder in their installations and assess logs for prior exploitation. Alternative secure data deletion tools may be necessary for those relying on the deprecated functionality.
Source: https://cyberpress.org/asus-discontinues-file-shredder/
ASUS cybersecurity rating report: https://www.rankiteo.com/company/asus
"id": "ASU1770130670",
"linkid": "asus",
"type": "Vulnerability",
"date": "2/2026",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'industry': 'Technology/Hardware',
'name': 'ASUS',
'type': 'Company'}],
'attack_vector': 'File Shredder feature',
'customer_advisories': 'Users are urged to upgrade to versions beyond '
'3.0.36.0 to mitigate exposure.',
'date_publicly_disclosed': '2026-02-02',
'description': 'ASUS has removed the File Shredder feature from its Business '
'Manager software following the identification of a critical '
'security flaw, CVE-2025-13348. The vulnerability affects ASUS '
'Business Manager version 3.0.36.0 and earlier, posing '
'significant exploitation risks. Instead of issuing a patch, '
'ASUS opted for a complete removal of the feature. Users are '
'urged to upgrade to versions beyond 3.0.36.0 to mitigate '
'exposure.',
'impact': {'operational_impact': 'Removal of File Shredder feature may '
'require alternative secure data deletion '
'tools',
'systems_affected': 'ASUS Business Manager version 3.0.36.0 and '
'earlier'},
'lessons_learned': 'The incident underscores the importance of secure '
'software development and timely vulnerability management, '
'especially for features handling sensitive data deletion.',
'post_incident_analysis': {'corrective_actions': 'Complete removal of File '
'Shredder feature from ASUS '
'Business Manager',
'root_causes': 'Critical security flaw in File '
'Shredder feature (CVE-2025-13348)'},
'recommendations': 'Organizations using ASUS Business Manager should verify '
'the absence of File Shredder in their installations, '
'assess logs for prior exploitation, and consider '
'alternative secure data deletion tools.',
'references': [{'date_accessed': '2026-02-02',
'source': 'ASUS Security Bulletin'}],
'response': {'communication_strategy': 'Security bulletin issued on February '
'2, 2026',
'containment_measures': 'Removal of File Shredder feature from '
'ASUS Business Manager',
'remediation_measures': 'Users urged to upgrade to versions '
'beyond 3.0.36.0'},
'title': 'ASUS Discontinues File Shredder Feature After Critical '
'Vulnerability Discovery',
'type': 'Vulnerability',
'vulnerability_exploited': 'CVE-2025-13348'}