
Researchers have discovered two vulnerabilities within the ASUS DriverHub driver management tool that can allow malicious sites to execute commands on targeted devices. They have found no evidence that threat actors have exploited these vulnerabilities in real-world scenarios. Review the details of this Cybersecurity Threat Advisory to minimize your risk.
What is the threat?
The two vulnerabilities are tracked as:
- CVE-2025-3462 (CVSS score: 8.4): An origin validation error vulnerability that may allow unauthorized sources to interact with the software’s features via crafted HTTP requests.
- CVE-2025-3463 (CVSS score: 9.4): An improper certificate validation vulnerability that may allow untrusted sources to affect system behavior via crafted HTTP requests.
In combination, these vulnerabilities allow attackers to send crafted HTTP requests to the DriverHub subdomain and tamper with the DriverHub software. Specifically, by altering the configuration files to include a SilentInstall argument, the attacker can execute arbitrary code without user interaction. The DriverHub update subdomain provides an executable file, AsusSetup.exe, which reads configuration files included in the update. If an attacker modifies this executable to run silently, they can include additional commands within those configuration files.
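A defensive sketch of strict origin validation, the control whose failure CVE-2025-3462 describes. It is an added example, not code from ASUS or from this advisory. The trusted host `updates.vendor.example`, the function name `is_trusted_origin` and the sample headers are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list (assumption): the advisory does not name the real
# trusted origin, so a placeholder host is used here.
ALLOWED_ORIGINS = {("https", "updates.vendor.example", 443)}
DEFAULT_PORTS = {"https": 443, "http": 80}


def is_trusted_origin(origin_header):
    """Return True only when the Origin header is exactly an allowed origin.

    The header is parsed and compared as a (scheme, host, port) tuple, so a
    value that merely contains or ends with the trusted name does not pass.
    """
    if not origin_header or origin_header.strip().lower() == "null":
        return False  # missing header or opaque origin
    try:
        parts = urlsplit(origin_header.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # A serialized origin is scheme://host[:port] and nothing else.
    if parts.path or parts.query or parts.fragment:
        return False
    if parts.username is not None or parts.password is not None:
        return False
    if not parts.hostname:
        return False
    scheme = parts.scheme.lower()
    if port is None:
        port = DEFAULT_PORTS.get(scheme)
    return (scheme, parts.hostname.lower(), port) in ALLOWED_ORIGINS


if __name__ == "__main__":
    # Constructed sample headers, not captured traffic.
    samples = [
        "https://updates.vendor.example",
        "https://updates.vendor.example.attacker.example",
        "https://updates.vendor.example@attacker.example",
        "http://updates.vendor.example",
        "null",
    ]
    for value in samples:
        print(f"{value!r:55} trusted={is_trusted_origin(value)}")
```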
Why is it noteworthy?
The recent vulnerabilities discovered in ASUS DriverHub raise concerns not only for ASUS but for similar driver control software from other manufacturers. Exploit chains with this behavior could allow attackers to execute malicious payloads simply by tricking users into visiting a compromised subdomain.
What is the exposure or risk?
Organizations lacking a software upgrade policy face significant risks due to the inability to monitor and test new updates effectively. This lack of oversight not only leaves systems vulnerable to known exploits but also increases the likelihood of employees falling victim to social engineering attacks. Without a clear and streamlined policy, employees may inadvertently access malicious sites or download compromised software, opening the organization to potential threats.
What are the recommendations?
Barracuda recommends the following actions to limit the impact of attacks:
- Apply the latest upgrade available in the DriverHub application under the “Upgrade Now” section.
- Establish a policy to manage and secure personal devices if your organization permits employees to use them.
References
For more in-depth information about the recommendations, please visit the following links:
- https://thehackernews.com/2025/05/asus-patches-driverhub-rce-flaws.html
- https://www.bleepingcomputer.com/news/security/asus-driverhub-flaw-let-malicious-sites-run-commands-with-admin-rights/
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.
This post originally appeared on Smarter MSP.