Asus has issued updates to address two security flaws affecting Asus Driverhub, if successfully used, an attacker may be able to take advantage of software to achieve remote code execution.
Driverhub is a device designed to automatically detect the motherboard model of the computer and later display the driver update required for installation.[.]com. ,
The defects identified in software are listed below –
- Cve-2025-3462 (CVSS Score: 8.4) – An original verification error vulnerability that can allow unauthorized sources to interact with software features through HTTP requests prepared
- Cve-2025-3463 (CVSS Score: 9.4) – An improper certificate verification vulnerability that may allow untrustwill sources to affect the system behavior through HTTP requests prepared
Security researcher Sripruh, who is credited with discovering and reporting two weaknesses, stated that they can be exploited to achieve distance code execution as part of one-click attack.
The chain of attack involves essentially involving an unwanted user in going to the sub-domain of the driver.[.]com (eg, driverhub.asus.com.
“When executing asussetup.exe, it first reads from asussetup.ini, which has a metadata about the driver,” the researcher explained in a technical report.
“If you run asussetup.exe with -S flag (the driver calls it using it to install a silent), then it will execute whatever is specified in Silentininsalun. Is.”
All attackers need to successfully pull exploitation, create a domain, and host three files, to run malicious payloads, a converted version of asussetup.ini, in which the property of “Silentinsstarlen” is the assets of “Silentinsoncestolon”, and the assussetup.exe is the assets, which uses the property.
After the disclosure responsible on 8 April 2025, the issues were decided by ASUS on 9 May. There is no evidence that the weaknesses have been exploited in the wild.
The company said in a bulletin, “This update includes significant safety updates and asus strongly recommends that users update their Asus Driverhub installation to the latest version.” “The latest software updates can be accessed by opening the Asus Driverhub, then clicking on the ‘Update Now’ button.”
