PT-2025-20478 · Asus · Asus Driverhub

·

CVE-2025-3462

·

Published

2025-04-09

·

Updated

2026-02-10

CVSS v4.0

8.4

High

VectorAV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions ASUS DriverHub versions prior to 1.0.6.0
Description The issue resides in the data source validation mechanism within ASUS DriverHub. Insufficient validation allows unauthorized sources to interact with the software's features through crafted HTTP requests. This can lead to remote code execution (RCE). The issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints. Attackers can craft malicious domains to facilitate forged HTTP requests processed by DriverHub.
Recommendations Versions prior to 1.0.6.0 should be updated to version 1.0.6.0 or later.

Fix

RCE

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2025-09519
CVE-2025-3462

Affected Products

Asus Driverhub