Two vulnerabilities in DriverHub, a driver software program that comes pre-installed on Asus motherboards, could be exploited remotely for arbitrary code execution, New Zealand researcher ‘MrBruh’ says.
The problems, tracked as CVE-2025-3462 (CVSS rating of 8.4) and CVE-2025-3463 (CVSS rating of 9.4) might be exploited through crafted HTTP requests to work together with DriverHub.
In line with Asus, the issues are the results of an absence of enough validation and might be exploited to work together with the software program’s options and have an effect on system habits, respectively. The corporate additionally says that “laptops, desktop computer systems, or different endpoints” aren’t affected by these bugs.
MrBruh, nevertheless, explains that the safety defects could be exploited for distant code execution, and that they exist in the way in which the pre-installed software program receives and executes packages.
DriverHub runs within the background, speaking with driverhub.asus.com to inform customers of the drivers that ought to be put in or up to date. It depends on the distant process name (RPC) protocol and hosts an area service to which the web site can join through API requests.
In line with MrBruh, whereas DriverHub would solely settle for RPC requests from driverhub.asus.com, switching the origin – to ‘driverhub.asus.com.*’ – would permit an unauthorized person to ship requests to it.
Moreover, the motive force’s UpdateApp endpoint would settle for crafted URL parameters (in the event that they contained ‘.asus.com’), save a file with a specified title, obtain any file with any extension, robotically execute signed information with administrative privileges, and never delete information that fail the signature test.
Trying right into a standalone Wi-Fi driver that was distributed in a ZIP archive, MrBruh found that it was potential to focus on the UpdateApp endpoint with an exploit leveraging a silent set up characteristic to execute any file.Commercial. Scroll to proceed studying.
The researcher demonstrated how the vulnerabilities could be exploited for one-click distant code execution by getting the focused person to go to a malicious webpage hosted on a driverhub.asus.com.* subdomain.
MrBruh reported the vulnerabilities on April 8 and Asus rolled out fixes for them on Might 9. The researcher says he has not seen any area with driverhub.asus.com.* registered, “that means it’s unlikely that this was being actively exploited” earlier than his report.
“I requested Asus in the event that they supplied bug bounties. They responded saying they don’t, however they might as an alternative put my title of their ‘corridor of fame’,” MrBruh notes.
Associated: Improperly Patched Samsung MagicINFO Vulnerability Exploited by Botnet
Associated: Second OttoKit Vulnerability Exploited to Hack WordPress Websites
Associated: Vital Vulnerability in AI Builder Langflow Beneath Assault
Associated: Vital Commvault Vulnerability in Attacker Crosshairs
