ASUS has recently released patches addressing two critical remote code execution (RCE) vulnerabilities in its DriverHub utility, which could have allowed attackers to execute arbitrary code on affected systems through crafted HTTP requests and malicious .ini files.(cloudindustryreview.com)
Vulnerabilities Overview
The two vulnerabilities, identified as CVE-2025-3462 and CVE-2025-3463, were discovered by security researcher MrBruh.(The Hacker News)
- CVE-2025-3462 (CVSS score: 8.4): An origin validation error that permitted unauthorized sources to interact with DriverHub’s features via crafted HTTP requests.(The Hacker News)
- CVE-2025-3463 (CVSS score: 9.4): An improper certificate validation flaw allowing untrusted sources to affect system behavior through crafted HTTP requests.(The Hacker News)
These vulnerabilities stemmed from insufficient validation mechanisms within DriverHub, enabling potential misuse of its features. (Security Affairs)
Exploitation Method
DriverHub, designed to automatically detect motherboard models and display necessary driver updates, communicates with a dedicated site hosted at driverhub.asus.com. The vulnerabilities could be exploited by tricking users into visiting a malicious subdomain resembling ASUS’s official domain, such as driverhub.asus.com.malicious.com.(The Hacker News)
An attacker could host three files on this malicious domain: a legitimate AsusSetup.exe, a crafted AsusSetup.ini with the SilentInstallRun property set to execute a malicious payload, and the payload itself. By exploiting the origin validation flaw, the attacker could send requests to the local DriverHub service, prompting it to download and execute the malicious files with administrative privileges. (The Hacker News, BleepingComputer)
ASUS’s Response
ASUS was informed of the vulnerabilities on April 8, 2025, and released patches on May 9, 2025. The company advises users to update their ASUS DriverHub installation to the latest version by opening the application and clicking the “Update Now” button. There is no evidence that these vulnerabilities have been exploited in the wild. (Security Affairs, BleepingComputer, The Hacker News)
Recommendations
- Update DriverHub: Ensure that your ASUS DriverHub is updated to the latest version to incorporate the security patches.(ASUS Global)
- Review BIOS Settings: Consider disabling the automatic installation of DriverHub through BIOS settings if not required.(BleepingComputer)
- Be Cautious with Links: Avoid clicking on suspicious links or visiting untrusted websites, especially those mimicking official ASUS domains.
For more detailed information on the vulnerabilities and the patches, refer to ASUS’s official security advisory. (ASUS Global)
Leave a Reply