PT-2025-20478 · Asus · Asus Driverhub
Leonjza +1 · Published 2025-04-09 · Updated 2026-02-10 · CVE-2025-3462
CVSS v4.0: 8.4 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
ASUS DriverHub versions prior to 1.0.6.0
Description
The issue resides in the data source validation mechanism within ASUS DriverHub. Insufficient validation allows unauthorized sources to interact with the software's features through crafted HTTP requests. This can lead to remote code execution (RCE). The issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints. Attackers can craft malicious domains to facilitate forged HTTP requests processed by DriverHub.
Recommendations
Versions prior to 1.0.6.0 should be updated to version 1.0.6.0 or later.
Fix
RCE
Origin Validation Error
Affected Products
Asus Driverhub