ASUS has released security updates to fix two critical vulnerabilities in ASUS DriverHub that could allow attackers to execute remote code through crafted HTTP requests. Users are advised to update their software promptly to prevent potential exploitation.
Affected: ASUS DriverHub system
Affected: ASUS DriverHub system
Keypoints
- Two security flaws (CVE-2025-3462 and CVE-2025-3463) were identified in ASUS DriverHub, impacting its security.
- The vulnerabilities could enable remote code execution through malicious HTTP requests and crafted domains.
- The flaws allow attackers to trick users into executing malicious payloads by manipulating the AsusSetup.exe process.
- Exploiting the vulnerabilities involves creating a fake domain, hosting malicious files, and tricking users into visiting it.
- ASUS addressed and fixed the vulnerabilities with updates released on May 9, 2025, following responsible disclosure.
- The company strongly recommends users update ASUS DriverHub to the latest version via the softwareβs update feature.
- There is no evidence that these vulnerabilities have been exploited in real-world attacks.
Read More: https://thehackernews.com/2025/05/asus-patches-driverhub-rce-flaws.html