ASUS has issued important security updates to its DriverHub software, addressing two critical vulnerabilities, CVE-2025-3462 and CVE-2025-3463, that could allow attackers to execute remote commands on vulnerable systems. These flaws affected the mechanism responsible for driver detection and updates on ASUS devices.
What is DriverHub? It is a proprietary utility designed to identify a computer’s motherboard model and facilitate the download of appropriate drivers. It connects to the ASUS domain driverhub.asus[.]com to fetch the necessary data and perform updates.
Two Major Flaws Identified and Patched
The security researcher known as MrBruh discovered and reported the following vulnerabilities:
- CVE-2025-3462 – This is a security flaw caused by weak origin validation, which could allow attackers to send forged HTTP requests and interact with the application’s internal functions. This issue received a CVSS score of 8.4.
- CVE-2025-3463 – A separate issue involving improper certificate validation. This vulnerability, rated at 9.4 on the CVSS scale, could allow untrusted sources to disrupt or manipulate application behavior.
If successfully exploited, these vulnerabilities could be used to trick users into executing malicious software hosted on an attacker-controlled server. The attack method involves crafting a deceptive domain that mimics ASUS infrastructure and using it to deliver a malicious update payload.
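The gap between a weak and a strict origin check, shown as an added example that is not code from ASUS or the researcher. The substring test is an assumed stand-in for the "weak origin validation" behind CVE-2025-3462, the function names are hypothetical, and the sample origins under example.test are constructed.

```javascript
// Added example (not ASUS code): validating the Origin header of a request
// sent to a local helper service. The trusted origin is the domain the
// article names; everything else here is an illustrative assumption.
const TRUSTED_ORIGIN = "https://driverhub.asus.com";

// Weak (assumed form of the flaw): accepts any origin that merely
// contains the trusted host name somewhere in the string.
function weakOriginCheck(originHeader) {
  return typeof originHeader === "string" &&
    originHeader.includes("driverhub.asus.com");
}

// Strict: parse the header, reject anything that is not a bare
// scheme://host[:port], then compare the normalized origin exactly.
function strictOriginCheck(originHeader) {
  if (typeof originHeader !== "string") return false;
  let parsed;
  try {
    parsed = new URL(originHeader);
  } catch {
    return false; // "null", empty or malformed values are rejected
  }
  if (parsed.username || parsed.password) return false;
  if (parsed.pathname !== "/" || parsed.search || parsed.hash) return false;
  return parsed.origin === TRUSTED_ORIGIN;
}

// Constructed sample origins (example.test is a reserved test domain).
const SAMPLE_ORIGINS = [
  "https://driverhub.asus.com",               // genuine
  "https://driverhub.asus.com.example.test",  // look-alike subdomain
  "http://driverhub.asus.com",                // right host, no TLS
  "https://example.test/?driverhub.asus.com", // trusted name in the query
  "https://example.test",                     // unrelated
  "null",                                     // opaque origin
];

// Returns the origins the weak check accepts but the strict check rejects.
function findBypasses(origins) {
  return origins.filter((o) => weakOriginCheck(o) && !strictOriginCheck(o));
}

console.log(findBypasses(SAMPLE_ORIGINS));
```

Running the same comparison over logged Origin values from a service's request log shows which historical requests only passed because of the loose match.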
How Does the Attack Chain Operate?
The core of the exploit lies in how the DriverHub utility executes the AsusSetup.exe binary. This executable reads configuration data from an accompanying AsusSetup.ini file. In legitimate use cases, this file defines how the driver should be installed silently. However, if altered, it can be used to launch virtually any script or application without the user’s knowledge.
To carry out the attack, a cybercriminal would need to set up a fake website resembling a subdomain of the official ASUS server. On this site, they would host:
- A tampered AsusSetup.ini file with a command to run a malicious program.
- The legitimate AsusSetup.exe installer.
- The actual malware to be executed.
When a user is lured to this malicious site—usually through phishing or social engineering tactics—the DriverHub tool can unknowingly execute the attacker’s payload, all under the guise of a routine driver update.
Patch Release and User Guidance
ASUS responded promptly to the vulnerability disclosure, which occurred on April 8, 2025. A fix was officially released on May 9, 2025. As of now, there have been no confirmed reports of these vulnerabilities being exploited in real-world attacks.
ASUS’s security recommendation is for all users to update to the latest version of DriverHub. This can be done by launching the application and clicking the “Update Now” button within the interface.