Patches have been released by ASUS for a pair of security bugs impacting its DriverHub tool, which could be exploited to facilitate remote code execution, reports The Hacker News.
More serious of the addressed vulnerabilities which were discovered and reported by security researcher MrBruh is the critical improper certificate validation flaw, tracked as CVE-2025-3463, which could be leveraged to enable system behavior changes, while the other is a high-severity origin validation error defect, tracked as CVE-2025-3463. Attacks combining both security issues could involve luring users into visiting a driverhub[.]asus[.]com subdomain and use the tool's UpdateApp endpoint to allow the execution of the AsusSetup.exe binary to run bogus domain-hosted files. "If you run AsusSetup.exe with the -s flag (DriverHub calls it using this to do a silent install), it will execute whatever is specified in SilentInstallRun. In this case, the ini file specifies a cmd script that performs an automated headless install of the driver, but it could run anything," said MrBruh.
More serious of the addressed vulnerabilities which were discovered and reported by security researcher MrBruh is the critical improper certificate validation flaw, tracked as CVE-2025-3463, which could be leveraged to enable system behavior changes, while the other is a high-severity origin validation error defect, tracked as CVE-2025-3463. Attacks combining both security issues could involve luring users into visiting a driverhub[.]asus[.]com subdomain and use the tool's UpdateApp endpoint to allow the execution of the AsusSetup.exe binary to run bogus domain-hosted files. "If you run AsusSetup.exe with the -s flag (DriverHub calls it using this to do a silent install), it will execute whatever is specified in SilentInstallRun. In this case, the ini file specifies a cmd script that performs an automated headless install of the driver, but it could run anything," said MrBruh.
