CyberSecurity news
FlagThis
Sead Fadilpašić@techradar.com
//
ASUS DriverHub, a driver management utility designed to simplify updates by automatically detecting motherboard models, is facing scrutiny following the discovery of critical security flaws. Cybersecurity researchers identified vulnerabilities, designated as CVE-2025-3462 and CVE-2025-3463, that could allow malicious actors to remotely execute code on systems with the software installed. These flaws stem from insufficient HTTP request validation, potentially enabling unauthorized remote interactions with the software and the ability for malicious sites to execute commands with administrative rights.
Researchers discovered a one-click remote code execution vulnerability in ASUS's pre-installed DriverHub software. The attack vector involves tricking users into visiting a malicious subdomain of driverhub.asus[.]com. By leveraging the DriverHub's UpdateApp endpoint, attackers can execute a legitimate version of "AsusSetup.exe" with modified parameters that enable the execution of arbitrary files hosted on the attacker's domain. This exploit requires the creation of a malicious domain hosting three files: the payload, a modified AsusSetup.ini with a "SilentInstallRun" property pointing to the payload, and the legitimate AsusSetup.exe.
ASUS has released an update, version 1.0.6.0 or newer, to address these vulnerabilities and urges users to update immediately. The update includes important security fixes to mitigate the risk of remote code execution. Users are advised to open the ASUS DriverHub utility and click the "Update Now" button to complete the patching process. While there are no confirmed cases of active exploitation in the wild, a proof of concept exploit exists, highlighting the potential danger, especially for sectors relying heavily on ASUS motherboards.
ImgSrc: cdn.mos.cms.fut
References :
Researchers discovered a one-click remote code execution vulnerability in ASUS's pre-installed DriverHub software. The attack vector involves tricking users into visiting a malicious subdomain of driverhub.asus[.]com. By leveraging the DriverHub's UpdateApp endpoint, attackers can execute a legitimate version of "AsusSetup.exe" with modified parameters that enable the execution of arbitrary files hosted on the attacker's domain. This exploit requires the creation of a malicious domain hosting three files: the payload, a modified AsusSetup.ini with a "SilentInstallRun" property pointing to the payload, and the legitimate AsusSetup.exe.
ASUS has released an update, version 1.0.6.0 or newer, to address these vulnerabilities and urges users to update immediately. The update includes important security fixes to mitigate the risk of remote code execution. Users are advised to open the ASUS DriverHub utility and click the "Update Now" button to complete the patching process. While there are no confirmed cases of active exploitation in the wild, a proof of concept exploit exists, highlighting the potential danger, especially for sectors relying heavily on ASUS motherboards.
ImgSrc: cdn.mos.cms.fut
Share:
References :
- securityonline.info: Critical Security Flaws Found in ASUS DriverHub: Update Immediately
- Rescana: Vulnerabilities in ASUS DriverHub Exposed: CVE-2025-3462 and CVE-2025-3463 Analysis
- cyberinsider.com: Critical Flaw in ASUS DriverHub Exposes Users to Remote Code Execution
- securityaffairs.com: Researchers found one-click RCE in ASUS’s pre-installed software DriverHub
- The DefendOps Diaries: ASUS DriverHub Vulnerability: Understanding and Mitigating CVE-2025-3463
- The Hacker News: ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files
- BleepingComputer: The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed.
- bsky.app: ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed.
- www.techradar.com: Details on ASUS DriverHub driver management tool targeted by RCE vulnerability
- www.scworld.com: ASUS DriverHub vulnerabilities fixed
- Tech Monitor: TechMonitor article about ASUS DriverHub security vulnerability
- the420.in: The420.in
- Blog: ASUS patches RCE flaw in DriverHub utility
- socradar.io: CVE-2025-3462 & CVE-2025-3463: ASUS DriverHub Flaws Enable RCE