Ethical Hacking News
A critical vulnerability discovered in ASUS DriverHub allows malicious sites to execute commands with administrative rights, prompting a swift response from the manufacturer and advice for users to apply the latest security patches.
A critical vulnerability (CVE-2025-3462 & CVE-2025-3463) has been discovered in ASUS DriverHub, allowing malicious sites to execute commands with administrative rights. The flaw was identified by an independent cybersecurity researcher from New Zealand known as "MrBruh" and affects ASUS motherboards, laptops, and desktop computers. Attacks can be launched by spoofing the Origin header in requests to DriverHub's local service at 'http://127.0.0.1:53000', which then accepts commands without proper validation. ASUS released a fix for the vulnerability on April 18, but questions remain about its severity and how widely it has been exploited. Users running ASUS DriverHub are advised to apply the latest update and disable the service in their BIOS settings to protect themselves against potential attacks.
In recent weeks, a critical vulnerability has been discovered in ASUS DriverHub, a software tool designed to manage drivers for ASUS motherboards. The flaw, tracked as CVE-2025-3462 and CVE-2025-3463, allows malicious sites to execute commands with administrative rights on devices running the software.
The discovery of this vulnerability is attributed to an independent cybersecurity researcher from New Zealand, known by his online handle "MrBruh." This researcher identified a series of issues within ASUS DriverHub's validation mechanisms for commands sent to its background service. Specifically, he discovered that the software had poor checks in place to ensure that only legitimate updates were accepted.
Upon further examination, it became clear that the flaw was not limited to motherboards, but could also affect laptops and desktop computers running the software. According to MrBruh, an attacker could trick users into visiting a malicious website in their browser, which would then send "UpdateApp requests" to the local service at 'http://127.0.0.1:53000'. By spoofing the Origin header, the weak validation check was bypassed, allowing DriverHub to accept commands from malicious sites.
The attack flow described by MrBruh involves several steps. First, a user visits a malicious website that sends an "UpdateApp request" to the local service at 'http://127.0.0.1:53000'. Next, the spoofed Origin header allows DriverHub to accept the command without proper validation. The researcher demonstrated how this could be used to download and run legitimate ASUS-signed driver installers, as well as malicious payloads.
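The article does not show how DriverHub validated the Origin header, so the following is an added illustration and not ASUS's or MrBruh's code: it contrasts a generic weak check (substring matching, assumed here only as a common failure pattern) with an exact-match allowlist of the kind a localhost helper service should apply. The origin `https://updates.vendor.example`, the function names and the sample header values are all constructed placeholders.

```javascript
// Added example: Origin validation for a localhost helper service.
// The allowed origin is a placeholder, not the vendor's real update origin.
const ALLOWED_ORIGINS = new Set(["https://updates.vendor.example"]);

// Generic weak pattern, assumed for illustration: substring match.
function looseOriginCheck(origin) {
  return typeof origin === "string" && origin.includes("updates.vendor.example");
}

// Strict check: the header must parse as a URL, be a bare serialized origin
// (no path, credentials or explicit default port), and match exactly.
function strictOriginCheck(origin) {
  if (typeof origin !== "string" || origin === "" || origin === "null") return false;
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // not parseable as an origin
  }
  if (url.origin !== origin) return false;
  return ALLOWED_ORIGINS.has(url.origin);
}

// Constructed sample Origin header values.
const SAMPLES = [
  "https://updates.vendor.example",
  "https://updates.vendor.example.untrusted.test",
  "http://updates.vendor.example",
  "https://updates.vendor.example/",
  "null",
];

// Run both checks over each sample so the differences are visible side by side.
function compare(samples) {
  return samples.map((origin) => ({
    origin,
    loose: looseOriginCheck(origin),
    strict: strictOriginCheck(origin),
  }));
}

console.table(compare(SAMPLES));
```

An Origin check only constrains requests that come from a browser; any local process can send an arbitrary header, so it does not replace authenticating the caller.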
ASUS received a report of this vulnerability on April 8, 2025, and released a fix for CVE-2025-3462 and CVE-2025-3463 on April 18. However, some have questioned the severity of the issue, with one CVE description stating that "this issue is limited to motherboards" - an assertion that MrBruh disputes.
In response to this vulnerability, ASUS has issued a security bulletin advising users to apply the latest update as soon as possible. This update includes important security patches and fixes for DriverHub's validation mechanisms.
While it is unclear at present how widely this vulnerability has been exploited in the wild, it highlights the need for manufacturers to prioritize security in their software tools. Users running ASUS DriverHub are advised to quickly apply the latest update and take steps to disable the service in their BIOS settings.
Related Information:
https://www.ethicalhackingnews.com/articles/Exploiting-ASUS-DriverHubs-Security-Weaknesses-A-Detailed-Analysis-ehn.shtml
https://www.bleepingcomputer.com/news/security/asus-driverhub-flaw-let-malicious-sites-run-commands-with-admin-rights/
https://thehackernews.com/2025/05/asus-patches-driverhub-rce-flaws.html
https://undercodenews.com/critical-asus-driverhub-flaw-exposes-users-to-remote-code-execution-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2025-3462
https://www.cvedetails.com/cve/CVE-2025-3462/
https://nvd.nist.gov/vuln/detail/CVE-2025-3463
https://www.cvedetails.com/cve/CVE-2025-3463/
Published: Mon May 12 18:05:21 2025 by llama3.2 3B Q4_K_M