Executive Summary

The latest cybersecurity advisory highlights critical vulnerabilities discovered in ASUS DriverHub, a utility designed to facilitate driver updates by automatically detecting motherboard models. Identified as CVE-2025-3462 and CVE-2025-3463, these vulnerabilities expose users to significant risks due to insufficient HTTP request validation, potentially allowing unauthorized remote interactions with the software. Although no specific APT groups have been linked to these vulnerabilities, the potential for exploitation makes it a concern for sectors relying heavily on ASUS motherboards.

Technical Information

ASUS DriverHub has been identified with two significant vulnerabilities, posing a high risk to users due to insufficient validation for HTTP requests. CVE-2025-3462 is rated with a CVSSv4 score of 8.4 and originates from improper validation when processing specific HTTP requests, allowing attackers to spoof internal communications and interact with the software's internal features without authorization. CVE-2025-3463, with a CVSSv4 score of 9.4, is more severe. It enables untrusted sources to influence system behavior using specially crafted HTTP requests. While no public exploitation scenarios have been demonstrated, the risk of remote exploitation is substantial, particularly in vulnerable network environments. These vulnerabilities specifically affect ASUS DriverHub on motherboards, without impacting laptops, desktop computers, or other endpoints.

Exploitation in the Wild

Currently, there are no confirmed cases of active exploitation in the wild for these vulnerabilities. However, a proof of concept (PoC) exploit has been disclosed, demonstrating how interaction with the software can be achieved via subdomains, executing unauthorized commands through crafted HTTP requests.

APT Groups using this vulnerability

While no specific APT groups have been associated with these vulnerabilities, their nature suggests potential interest from groups targeting industrial espionage or infrastructure that relies heavily on ASUS motherboards. The vulnerabilities could be utilized by entities seeking to exploit unpatched systems in environments with inadequate security measures.

Affected Product Versions

The vulnerabilities affect ASUS DriverHub versions prior to 1.0.6.0, specifically those installed on motherboards. Users of laptops, desktop computers, and other endpoints are not impacted. It is imperative for users operating the affected versions on ASUS motherboards to update their software to mitigate the risk of exploitation.

Workaround and Mitigation

To safeguard against potential exploitation, users are strongly advised to update their ASUS DriverHub to version 1.0.6.0 or newer. The update process requires users to open the ASUS DriverHub utility, click the "Update Now" button, and follow the on-screen prompts to complete the patch process. Regular software updates and the implementation of network-based intrusion detection systems are recommended to further reduce the risk of exploitation.

References

For further details, the following resources are available: - Security Online Article on ASUS DriverHub Vulnerabilities: https://securityonline.info/critical-security-flaws-found-in-asus-driverhub-update-immediately/ - The Hacker News on ASUS Patches: https://thehackernews.com/2025/05/asus-patches-driverhub-rce-flaws.html - NVD Entry for CVE-2025-3463: https://nvd.nist.gov/vuln/detail/CVE-2025-3463 - PoC Exploit Chain Discussion: https://mrbruh.com/asusdriverhub/

Rescana is here for you

Rescana is committed to helping our clients navigate the complexities of cybersecurity threats through our comprehensive Third Party Risk Management (TPRM) platform. By leveraging our expertise, clients can identify and mitigate risks associated with third-party software vulnerabilities. Should you have any questions or require further assistance regarding this report or any other issue, please reach out to our cybersecurity team at ops@rescana.com.