Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

The ASUS DriverHub Security Flaw: A Vulnerability that Can Allow Remote Code Execution




The ASUS DriverHub Security Flaw: A Vulnerability that Can Allow Remote Code Execution

Recently discovered security flaws in ASUS DriverHub have raised concerns among tech-savvy individuals. These vulnerabilities can enable hackers to execute remote code execution, compromising user safety and device integrity.

ASUS has released patches for both identified vulnerabilities and advises users to update their software immediately to ensure their digital well-being.



  • ASUS recently released patches for two security flaws in their DriverHub software, CVE-2025-3462 and CVE-2025-3463.
  • The vulnerabilities allow unauthorized sources to interact with the software via crafted HTTP requests, potentially leading to malware infections.
  • A compromised ASUS DriverHub installation could be used as a one-click attack vector to run malicious code on a user's device.
  • ASUS users should update their software immediately after releasing patches for these vulnerabilities.



    • ASUS, a prominent technology company, has recently released patches for two security flaws found in their DriverHub software. The vulnerabilities, identified as CVE-2025-3462 and CVE-2025-3463, have a significant impact on the security of ASUS users who rely on DriverHub to update drivers.

    DriverHub is designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by communicating with a dedicated site hosted at "driverhub.asus[.]com." The software is used in various settings, including home and enterprise environments. However, due to the recent security flaws discovered in DriverHub, ASUS users should prioritize updating their software as soon as possible.

    The vulnerabilities identified in DriverHub are serious concerns. CVE-2025-3462, with a CVSS score of 8.4, is an origin validation error vulnerability that may allow unauthorized sources to interact with the software's features via crafted HTTP requests. This flaw makes it possible for attackers to manipulate the driver updates and potentially download malicious code on the user's device.

    CVE-2025-3463, also known as a CVSS score of 9.4, is an improper certificate validation vulnerability that may allow untrusted sources to affect system behavior via crafted HTTP requests. This vulnerability could enable attackers to trick ASUS users into visiting fake websites designed by hackers, which can potentially lead to malware infections and further security breaches.

    According to security researcher MrBruh, the discovered vulnerabilities were found while examining DriverHub's update process and communication with its host site, driverhub.asus[.]com. The researcher noted that an attacker could exploit these flaws in order to run malicious code on the user's device as part of a one-click attack.

    The researcher explained that the attack chain involves tricking unsuspecting users into visiting sub-domains of the legitimate driverhub.asus[.]com (e.g., driverhub.asus.com..com) and then leveraging DriverHub's UpdateApp endpoint to execute a legitimate version of AsusSetup.exe with an option set to run any file hosted on the fake domain.

    "When executing AsusSetup.exe it first reads from AsusSetup.ini, which contains metadata about the driver," MrBruh stated in a technical report. "If you run AsusSetup.exe with the -s flag (DriverHub calls it using this to do a silent install), it will execute whatever is specified in SilentInstallRun. In this case, the ini file specifies a cmd script that performs an automated headless install of the driver, but it could run anything."

    To successfully exploit these vulnerabilities, hackers only need to create a domain and host three files: the malicious payload to be run, an altered version of AsusSetup.ini that has the "SilentInstallRun" property set to the malicious binary, and AsusSetup.exe. The software will then use this setting to execute the payload.

    Fortunately, ASUS has taken immediate action in response to these security flaws. After the responsible disclosure on April 8, 2025, the company released patches for both vulnerabilities on May 9.

    The company advises users to update their ASUS DriverHub installation to the latest version as soon as possible.

    "The latest Software Update can be accessed by opening ASUS DriverHub, then clicking the 'Update Now' button," ASUS stated in a bulletin.

    To date, there is no evidence that the vulnerabilities have been exploited in the wild. Nonetheless, security experts caution users to exercise extreme vigilance and update their software promptly to avoid potential attacks.

    In conclusion, the recent security flaws discovered in ASUS DriverHub are alarming concerns for all those relying on this technology solution for driver updates. ASUS has taken immediate action by releasing patches, and users should prioritize updating their DriverHub software to minimize the risk of potential exploits.

    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-ASUS-DriverHub-Security-Flaw-A-Vulnerability-that-Can-Allow-Remote-Code-Execution-ehn.shtml

  • https://thehackernews.com/2025/05/asus-patches-driverhub-rce-flaws.html

  • https://cloudindustryreview.com/asus-addresses-rce-vulnerabilities-in-driverhub-exploitable-through-http-and-custom-ini-files/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-3462

  • https://www.cvedetails.com/cve/CVE-2025-3462/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-3463

  • https://www.cvedetails.com/cve/CVE-2025-3463/


    • Published: Mon May 12 10:43:19 2025 by llama3.2 3B Q4_K_M


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us