ASUS DriverHub, a tool designed to simplify driver updates by automatically detecting motherboard models and displaying available updates, has been found to contain significant security vulnerabilities.
According to a recent security advisory, two vulnerabilities, identified as CVE-2025-3462 and CVE-2025-3463, pose a risk to users of the software. Itβs important to note that βThis issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints.β
Hereβs a breakdown of the vulnerabilities:
CVE-2025-3462 (CVSSv4 8.4): This vulnerability stems from insufficient validation in how DriverHub processes certain HTTP requests. A remote attacker could interact with internal software features by spoofing communication typically reserved for trusted internal sources.
CVE-2025-3463 (CVSSv4 9.4): This vulnerability is considered more severe. βAn insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests.β While exploitation scenarios have not been publicly demonstrated, the ability to remotely affect driver management software on motherboards presents a significant risk, especially for users operating in vulnerable network environments.
Both vulnerabilities stem from insufficient validation of HTTP requests, which could enable malicious actors to send specially crafted requests to the DriverHub software and potentially gain unauthorized control.
ASUS urges users to update ASUS DriverHub to the latest version 1.0.6.0 or newer.
βThis update includes important security updates and ASUS strongly recommends that users update their ASUS DriverHub installation to the latest version,β the company recommends.
How to update:
Open the ASUS DriverHub utility.Click the βUpdate Nowβ button.Follow the on-screen prompts to complete the patch process.