ASUS has released updates to fix two critical security flaws in its DriverHub software. These flaws could allow attackers to execute remote code on affected systems, posing a significant security risk. DriverHub, designed to detect motherboard models and provide necessary driver updates, communicates with a dedicated site at “driverhub.asus[.]com.” The vulnerabilities, CVE-2025-3462 and CVE-2025-3463, were discovered by security researcher MrBruh, who reported that the flaws could be exploited for remote code execution.
The first vulnerability, CVE-2025-3462, involves an origin validation error that could let unauthorized sources interact with the software through crafted HTTP requests.
The second vulnerability, CVE-2025-3463, is an improper certificate validation flaw that could allow untrusted sources to alter system behavior via similar crafted requests. Both flaws have high CVSS scores, 8.4 and 9.4, respectively, indicating their potential severity if exploited. The researcher also explained that these vulnerabilities could lead to a one-click attack where attackers remotely execute arbitrary code.
The attack chain begins with tricking the victim into visiting a malicious sub-domain of driverhub.asus[.]com. This fake sub-domain uses the DriverHub UpdateApp endpoint to execute a legitimate version of the AsusSetup.exe binary, but with the -s flag to run any file specified in the altered AsusSetup.ini. The ini file can be modified to execute a malicious payload, essentially turning the legitimate software into a vehicle for running the attacker’s code.
An attacker only needs to create a domain and host the necessary files to carry out the attack.
ASUS responded to the responsible disclosure by releasing fixes for both vulnerabilities on May 9, 2025. The company has strongly recommended that all users update their DriverHub installations to the latest version. Although there is no evidence of the vulnerabilities being exploited in the wild, users should take immediate action to secure their systems. To update, users can open DriverHub and click the “Update Now” button to ensure they are running the latest version with the security patches.
Reference: