ASUS has addressed two significant security flaws in its DriverHub software, designed for automatic driver updates. The vulnerabilities, identified under CVEs 2025-3462 and 2025-3463, present risks associated with origin validation and improper certificate validation. Security researcher MrBruh highlighted that these could lead to remote code execution, enabling attackers to manipulate the software's functionality through crafted HTTP requests. The exploitation method involves tricking users into accessing malicious sub-domains that interact with DriverHub, demonstrating the potential for significant unauthorized access if left unaddressed.
ASUS has released updates to address two security flaws in its DriverHub tool, which could enable remote code execution if exploited by attackers.
The vulnerabilities, discovered by researcher MrBruh, could allow unauthorized sources to interact with DriverHub features and impact system behavior via crafted HTTP requests.
Collection
[
|
...
]