ASUS has issued security updates to fix two high-severity vulnerabilities in its DriverHub utility that, if exploited, could allow attackers to achieve remote code execution (RCE) on affected systems. The flaws, tracked as CVE-2025-3462 and CVE-2025-3463, were discovered by security researcher MrBruh and responsibly disclosed to ASUS on April 8, 2025. Patches were released on May 9.

DriverHub is a software tool developed by ASUS to automatically detect a computer’s motherboard model and facilitate driver updates by communicating with a dedicated server at driverhub.asus[.]com. The newly disclosed vulnerabilities stem from weaknesses in how the tool validates input and handles certificates.

Details of the Vulnerabilities

  • CVE-2025-3462 (CVSS score: 8.4): An origin validation error that could allow attackers to interact with DriverHub’s internal functions through specially crafted HTTP requests from unauthorized sources.
  • CVE-2025-3463 (CVSS score: 9.4): An improper certificate validation flaw that could enable attackers to manipulate system behavior using crafted requests from untrusted origins.

According to MrBruh’s technical analysis, these vulnerabilities could be weaponized in a one-click attack scenario. The exploit involves tricking users into visiting a deceptive subdomain, such as driverhub.asus.com.attacker-domain.com. From there, the attacker leverages DriverHub’s UpdateApp endpoint to download and execute a tampered driver installer.

The attack chain abuses the way the ASUS DriverHub uses the legitimate AsusSetup.exe binary. When executed with the -s flag, AsusSetup.exe references an associated AsusSetup.ini file for install instructions. By modifying the .ini file’s SilentInstallRun field, attackers can instruct the installer to silently run any payload of their choosing.
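The origin validation error and the lookalike hostname described above can be illustrated with an added example, which is not ASUS's code or MrBruh's. It assumes the flawed check was a substring match (the article does not state the exact logic) and that the trusted origin uses https; the function names are hypothetical.

```javascript
// Trusted host is taken from the article; the https scheme is an assumption.
const TRUSTED_ORIGIN = "https://driverhub.asus.com";

// Assumed shape of the flaw: accept any Origin header that merely
// contains the trusted hostname somewhere in the string.
function weakOriginCheck(originHeader) {
  return typeof originHeader === "string" &&
    originHeader.includes("driverhub.asus.com");
}

// Hardened check: parse the header, reject anything that is not a bare
// scheme://host[:port] origin, then compare the whole origin exactly.
function strictOriginCheck(originHeader) {
  if (typeof originHeader !== "string" || originHeader.length === 0) return false;
  let parsed;
  try {
    parsed = new URL(originHeader);
  } catch {
    return false; // "null", missing scheme, or otherwise unparseable
  }
  if (parsed.username || parsed.password) return false; // user@host tricks
  if (parsed.pathname !== "/" || parsed.search || parsed.hash) return false;
  return parsed.origin === TRUSTED_ORIGIN; // scheme, host and port must all match
}

// Constructed sample Origin headers (not captured traffic).
const SAMPLE_ORIGINS = [
  "https://driverhub.asus.com",                      // legitimate
  "https://driverhub.asus.com.attacker-domain.com",  // lookalike from the article
  "https://driverhub.asus.com@attacker-domain.com",  // userinfo trick
  "http://driverhub.asus.com",                       // wrong scheme
  "null",                                            // opaque origin
];

// Run both checks over the samples so the difference is visible side by side.
function compareChecks(origins = SAMPLE_ORIGINS) {
  return origins.map((origin) => ({
    origin,
    weak: weakOriginCheck(origin),
    strict: strictOriginCheck(origin),
  }));
}

console.table(compareChecks());
```

Only the first sample passes the strict check, while the substring check accepts the first four.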

Conclusion

ASUS confirmed the vulnerabilities have been addressed and emphasized that there is no evidence of exploitation in the wild. Users are urged to update DriverHub immediately to ensure their systems are protected.

These findings highlight the risks of insecure software update mechanisms, particularly when combined with improper validation practices. As interest in automated driver tools grows, researchers warn that attackers will continue to target such software to deliver malware under the guise of legitimate updates.
