Cyber Web Spider Blog – News


ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files

Posted on May 12, 2025 by CWS

Could 12, 2025Ravie LakshmananVulnerability / Endpoint Safety
ASUS has launched updates to deal with two safety flaws impacting ASUS DriverHub that, if efficiently exploited, might allow an attacker to leverage the software program with a purpose to obtain distant code execution.
DriverHub is a device that is designed to mechanically detect the motherboard mannequin of a pc and show crucial driver updates for subsequent set up by speaking with a devoted web site hosted at “driverhub.asus[.]com.”
The failings recognized within the software program are listed under –

  • CVE-2025-3462 (CVSS score: 8.4) – An origin validation error vulnerability that may allow unauthorized sources to interact with the software’s features via crafted HTTP requests
  • CVE-2025-3463 (CVSS score: 9.4) – An improper certificate validation vulnerability that may allow untrusted sources to affect system behavior via crafted HTTP requests

Security researcher MrBruh, who is credited with discovering and reporting the two vulnerabilities, said they could be exploited to achieve remote code execution as part of a one-click attack.

The attack chain essentially involves tricking an unsuspecting user into visiting a sub-domain of driverhub.asus[.]com (e.g., driverhub.asus.com.<random string>.com) and then leveraging DriverHub’s UpdateApp endpoint to execute a legitimate version of the “AsusSetup.exe” binary with an option set to run any file hosted on the fake domain.
“When executing AsusSetup.exe it first reads from AsusSetup.ini, which contains metadata about the driver,” the researcher explained in a technical report.
“If you run AsusSetup.exe with the -s flag (DriverHub calls it using this to do a silent install), it will execute whatever is specified in SilentInstallRun. In this case, the ini file specifies a cmd script that performs an automated headless install of the driver, but it could run anything.”
All an attacker needs to successfully pull off the exploit is to create a domain and host three files: the malicious payload to be run, an altered version of AsusSetup.ini that has the “SilentInstallRun” property set to the malicious binary, and AsusSetup.exe, which then makes use of the property to run the payload.
Following responsible disclosure on April 8, 2025, the issues were fixed by ASUS on May 9. There is no evidence that the vulnerabilities have been exploited in the wild.
“This update includes important security updates and ASUS strongly recommends that users update their ASUS DriverHub installation to the latest version,” the company said in a bulletin. “The latest Software Update can be accessed by opening ASUS DriverHub, then clicking the ‘Update Now’ button.”
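
The origin validation error (CVE-2025-3462) and the look-alike host driverhub.asus.com.<random string>.com mentioned above come down to how a local service compares the browser's Origin header against the site it trusts. The following is an added example, not code from ASUS or from the researcher's report: the substring check is an assumed illustration of this class of flaw, and the https scheme, function names and sample values are constructed for the demonstration.

```javascript
// Added illustration, not DriverHub code. The scheme of the trusted origin
// is an assumption; the host name is the one given in the article.
const TRUSTED_ORIGIN = "https://driverhub.asus.com";

// Weak: accepts any Origin header that merely contains the trusted host name,
// so a look-alike host that embeds the name as a prefix also passes.
function naiveOriginCheck(originHeader) {
  return typeof originHeader === "string" &&
    originHeader.includes("driverhub.asus.com");
}

// Hardened: parse the header and compare scheme, host and port exactly.
function strictOriginCheck(originHeader) {
  if (typeof originHeader !== "string") return false;
  let parsed;
  try {
    parsed = new URL(originHeader);
  } catch {
    return false; // malformed, empty, or the literal "null" origin
  }
  // An Origin header carries no path, query, fragment or credentials.
  if (parsed.pathname !== "/" || parsed.search || parsed.hash) return false;
  if (parsed.username || parsed.password) return false;
  // URL.origin is normalised (lower-case host, default port dropped).
  return parsed.origin === TRUSTED_ORIGIN;
}

// Constructed sample Origin header values.
const SAMPLE_ORIGINS = [
  "https://driverhub.asus.com",
  "https://driverhub.asus.com.lookalike.example",
  "http://driverhub.asus.com",
  "null",
];

// Run both checks over the same inputs so the difference is visible.
function compareChecks(origins) {
  return origins.map((origin) => ({
    origin,
    naive: naiveOriginCheck(origin),
    strict: strictOriginCheck(origin),
  }));
}

console.table(compareChecks(SAMPLE_ORIGINS));
```

Only the first sample passes the strict check, while the substring check also accepts the look-alike host and the plain-HTTP origin.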
