Netvora logo
Submit Startup Subscribe
Home About Contact Submit Startup Subscribe

Asus DriverHub Flaw Enables Remote Code Execution

Comment

Asus DriverHub Flaw Enables Remote Code Execution

Netvora May 12, 2025 at 02:20 PM Security
Asus DriverHub Flaw Enables Remote Code Execution

Asus DriverHub Flaw Enables Remote Code Execution

By Netvora Tech News

A security researcher has discovered vulnerabilities in Asus's DriverHub software that could allow remote code execution. Asus has released patches to address the issue. DriverHub is a software package that is installed on systems by default or can be installed via the BIOS of Asus motherboards. Once active, it runs in the background and connects to the website driverhub.asus.com to check for new drivers for the system. The website uses a remote procedure call (RPC) to communicate with the DriverHub process on users' systems. The background process runs a local HTTP or Websocket service that a website or service can connect to via an API request. DriverHub only listens to requests with "driverhub.asus.com" in the header. A researcher with the alias MrBruh found that the software also accepts requests with "driverhub.asus.com" in the name, for example, "driverhub.asus.com.evilwebsite.tld." One of DriverHub's features, called UpdateApp, is responsible for updating the application itself. Through this feature, it is possible to execute malicious code on the system, according to the researcher. The target must first visit a malicious domain with "driverhub.asus.com" in the name. The malicious site then uploads malware to the system. Since the malware is not signed by Asus, it will not be executed. The malicious site can also perform a "silent install," allowing the previously uploaded malware to be executed. The impact of the two vulnerabilities, CVE-2025-3462 and CVE-2025-3463, is rated on a scale of 1 to 10, with a score of 9.4 and 8.4, respectively. The researcher notified Asus on April 7, and the company released updates on May 9. MrBruh describes Asus's description of the issue as "a bit misleading." "Their CVE description for remote code execution is a bit misleading," he says. "They say 'This issue is limited to motherboards and has no impact on laptops, desktop computers.' However, this affects every computer, including desktops/laptops, where DriverHub is installed."

Comments (0)

Leave a comment

Back to homepage

You might also like