ASUS Driver Hub Flaw - Update if you havent

Datamonkey · 13 May 2025 at 08:21

Morning all,

Just saw this pop up on one of my security RSS feeds and thought it was worth a share — thanks for the morning jolt, ASUS!

ASUS DriverHub flaw let malicious sites run commands with admin rights

The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed.

www.bleepingcomputer.com

Turns out the ASUS DriverHub utility had a rather nasty vulnerability that could let malicious websites run commands with admin rights. Not ideal!

The issue was spotted by a sharp-eyed independent researcher from New Zealand (shoutout to Paul, aka “MrBruh”), who found that the software wasn’t properly validating commands sent to its background service. This opened the door to an exploit chain involving CVE-2025-3462 and CVE-2025-3463 — fancy names for flaws that, when combined, could let someone remotely run code on affected machines.

The good news? ASUS has since patched it — and the issue only affects ASUS motherboards.

So if you're running an ASUS system, give those core drivers a quick update. Stay safe out there, peeps!

Meddling-Monk · 13 May 2025 at 08:40

Personally never even knew it existed and thus never installed it before, so pretty much safe here. But thanks for the heads up.

Mcnumpty2323 · 13 May 2025 at 12:04

Must only be certain asus motherboard/system
Mine trys to get you to install
Asus armoury crate instead
Even updating windows to a newer version number
Makes the install armoury crate pop up appear

Wonder if the driver and utilities section
Of armoury crate is also affected
Though it doesn't seem to mention it

Mr Evil · 13 May 2025 at 16:32

Also posted here: https://forums.overclockers.co.uk/t...-asuss-preinstalled-driver-software.19002162/