ASUS Discontinues “File Shredder” Feature to Patch Critical Security Vulnerability

ASUS has discontinued the File Shredder feature in its Business Manager software following the discovery of a critical security vulnerability, CVE-2025-13348.

The company issued a security bulletin on February 2, 2026, addressing a flaw affecting ASUS Business Manager version 3.0.36.0 and earlier releases.

Rather than patching the vulnerability through conventional updates, ASUS opted to remove the File Shredder functionality completely, indicating the severity of the security flaw and potential exploitation risks associated with maintaining the feature.

Vulnerability Details and Impact

The decision to discontinue File Shredder rather than issue a patch reflects the critical nature of this vulnerability.

ASUS has released updated versions that no longer include the File Shredder capabilities, ensuring users cannot exploit the flaw through this deprecated feature.

This approach, while drastic, eliminates the attack vector and prevents potential misuse by threat actors.

The vulnerability affects multiple versions of Business Manager, making this a widespread issue requiring immediate user action.

Organizations and individuals using ASUS Business Manager should immediately update to versions newer than 3.0.36.0 to ensure they are no longer exposed to this critical flaw.

Users can verify their current version and download security patches through the official ASUS Security Advisory Portal at www.asus.com/securityadvisory.

This proactive measure is essential for maintaining system security and preventing potential compromise through the exploited functionality.

Attribute	Details
CVE ID	CVE-2025-13348
Affected Product	ASUS Business Manager
Affected Versions	3.0.36.0 and earlier
Vulnerability Type	Critical Security Flaw

ASUS maintains active participation in vulnerability disclosure programs as a CVE Numbering Authority (CNA) partner and a member of the Forum of Incident Response and Security Teams (FIRST).

The company follows Coordinated Vulnerability Disclosure (CVD) best practices and adheres to ISO 29147:2018 and ISO 30111:2019 standards for vulnerability management.

These commitments demonstrate ASUS’s dedication to responsible security practices and transparent communication with users regarding potential threats.

This vulnerability disclosure is part of ASUS’s ongoing security update cycle. The company has published 89 security advisories addressing various products, including MyASUS, router firmware, Armoury Crate, and UEFI firmware, throughout 2025 and early 2026.

This frequency of security updates highlights the evolving threat landscape and the importance of maintaining current software versions across all deployed systems.

ASUS encourages users to keep software and firmware up to date across all products to ensure continued security protection.

System administrators managing ASUS Business Manager deployments should prioritize updating affected systems and verifying that File Shredder functionality is no longer present in their current installations.

Security teams should also assess whether this vulnerability was exploited within their environments before patching, using log analysis and endpoint detection and response (EDR) tools to identify suspicious activity.

For organizations relying on file shredding functionality, alternative solutions should be evaluated and deployed to maintain secure data deletion capabilities.

Additionally, users should monitor ASUS security advisories regularly to stay informed about emerging threats affecting their systems.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.

The post ASUS Discontinues “File Shredder” Feature to Patch Critical Security Vulnerability appeared first on Cyber Security News.