May 12, 2025 By Pierluigi Paganini
Expert found two flaws in DriverHub, pre-installed on Asus motherboards, which allows remote code execution via crafted HTTP requests.
Security researcher ‘MrBruh’ discovered two vulnerabilities, tracked as CVE-2025-3462 (CVSS score of 8.4) and CVE-2025-3463 (CVSS score of 9.4), in DriverHub, a driver that is pre-installed on Asus motherboards. A remote attacker can exploit the flaws to gain arbitrary code execution.
Both flaws stem from insufficient validation, allowing misuse of DriverHub features. The company pointed out that the flaws don’t impact laptops and desktops.
DriverHub, a driver updater with no GUI, runs a background process that talks to driverhub.asus.com via RPC on localhost port 53000. Researcher MrBruh found that while it only accepts requests with an origin header set to “driverhub.asus.com,” a flawed wildcard match allowed requests from domains like “driverhub.asus.com.mrbruh.com.” An attacker can exploit this vulnerability to install malicious software.
