ASUS DriverHub, a driver management utility for ASUS motherboards, was found to have a critical remote code execution vulnerability. Attackers could exploit this flaw by manipulating the software via malicious websites, potentially executing arbitrary commands on affected systems.
Affected: ASUS DriverHub, affected ASUS motherboard systems
Key points
- The vulnerability allows remote code execution through exploitation of weak command validation in ASUS DriverHub.
- Cybersecurity researcher MrBruh discovered that the software's background service improperly validates the Origin Header of incoming requests.
- Attackers can spoof the Origin Header to bypass checks, tricking DriverHub into downloading and executing malicious files.
- The flaw involves the UpdateApp endpoint, which accepts executable files from .asus.com URLs without user confirmation.
- The attack flow involves tricking users into visiting malicious websites that send spoofed requests to the local DriverHub service.
- An exploit chain can cause DriverHub to silently download and run malicious executables with administrative privileges.
- ASUS released a security update on April 18, 2025, after validation with researcher MrBruh, urging users to update immediately.
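
The example below is added here and is not code from ASUS or the researcher. It contrasts a substring-style Origin check with an exact-match one, and applies the same parse-then-compare discipline to the download URL of an update request. The origin portal.vendor.example, the function names and the sample inputs are constructed assumptions; only the .asus.com suffix comes from the text above.

```javascript
// Added example. portal.vendor.example is a constructed placeholder origin;
// ".asus.com" is the download suffix the page mentions for UpdateApp.
const TRUSTED_ORIGINS = new Set(["https://portal.vendor.example"]);
const DOWNLOAD_SUFFIX = ".asus.com";

// Weak form (assumed shape, not the vendor's code): substring matching.
function weakOriginCheck(originHeader) {
  return String(originHeader).includes("portal.vendor.example");
}

// Hardened form: parse the header, then require an exact origin match.
function strictOriginCheck(originHeader) {
  if (typeof originHeader !== "string") return false;
  let parsed;
  try {
    parsed = new URL(originHeader);
  } catch {
    return false; // "null", empty and malformed values are rejected
  }
  // A genuine Origin value is scheme://host[:port] with nothing after it.
  if (parsed.origin !== originHeader) return false;
  return TRUSTED_ORIGINS.has(parsed.origin);
}

// Download URL check on the parsed hostname, never on the raw string.
function strictDownloadUrlCheck(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false;
  }
  if (url.protocol !== "https:") return false;
  if (url.username || url.password) return false; // reject embedded userinfo
  return url.hostname.endsWith(DOWNLOAD_SUFFIX); // label-boundary suffix match
}

// Gate for an update request: both checks must pass. A host allow-list is
// still no substitute for signature verification and user confirmation.
function authorizeUpdate(originHeader, downloadUrl) {
  return strictOriginCheck(originHeader) && strictDownloadUrlCheck(downloadUrl);
}

// Constructed sample input: a lookalike origin that only the weak check accepts.
const lookalike = "https://portal.vendor.example.untrusted.test";
console.log(weakOriginCheck(lookalike), strictOriginCheck(lookalike));
```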