ASUS Patches Serious Security Bugs in DriverHub

Vulnerabilities Could Let Hackers Run Malicious Code on Targeted Systems

ASUS has released a critical security update for its DriverHub utility after security experts uncovered two significant vulnerabilities that could put users at risk. If exploited, these flaws could allow attackers to remotely run harmful code on a victim’s machine by taking advantage of weaknesses in how the software communicates with ASUS’s servers and how it verifies the authenticity of those communications.

DriverHub is a software program developed by ASUS that helps users keep their drivers up to date by automatically identifying the computer’s motherboard model and recommending relevant driver downloads. The tool connects to an ASUS server located at “driverhub.asus[.]com” to check for updates.

However, a cybersecurity researcher known as MrBruh discovered that the way DriverHub processes and validates connections contains dangerous oversights. Two separate vulnerabilities were found, both of which open the door for attackers to manipulate the software into executing unintended commands.

How the Flaws Work

The first vulnerability, identified as CVE-2025-3462 and given a severity score of 8.4 out of 10, is related to poor handling of origin validation. This means that DriverHub doesn’t properly check where certain web requests are coming from, potentially allowing malicious websites to access the software’s functions simply by sending specially crafted requests.

The second vulnerability, CVE-2025-3463, is even more dangerous with a severity score of 9.4. This flaw stems from improper handling of certificate validation. Essentially, DriverHub fails to thoroughly confirm that the server it’s communicating with is legitimate and trusted. This opens up the possibility for an attacker to pose as an ASUS server and feed the software deceptive instructions.

By exploiting these issues together, an attacker can set up a fake website that looks like part of ASUS’s domain. For example, they might create a subdomain such as “driverhub.asus.com.fake-website.com.” If they can convince a user to click on a link leading to this domain, the attack can begin.
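The origin check discussed above, as an added example that is not ASUS's code or the researcher's: a substring match, assumed here as the kind of weak check a lookalike hostname passes, beside an exact comparison of the parsed origin. The function names and sample values are constructed for illustration.

```javascript
// Added example: validating the Origin header in a local helper service.
// TRUSTED_ORIGIN uses the hostname named in the article; everything else
// (function names, sample values) is constructed for illustration.
const TRUSTED_ORIGIN = "https://driverhub.asus.com";

// Weak check (assumed pattern, not ASUS's code): substring match.
function weakOriginCheck(originHeader) {
  return typeof originHeader === "string" &&
    originHeader.includes("driverhub.asus.com");
}

// Strict check: parse the value, then compare scheme + host + port exactly.
function strictOriginCheck(originHeader) {
  if (typeof originHeader !== "string") return false;
  let parsed;
  try {
    parsed = new URL(originHeader);
  } catch {
    return false; // "null", empty or malformed Origin values are rejected
  }
  // A real Origin header carries no credentials, path, query or fragment.
  if (parsed.username || parsed.password) return false;
  if (parsed.pathname !== "/" || parsed.search || parsed.hash) return false;
  return parsed.origin === TRUSTED_ORIGIN;
}

// Constructed sample Origin values.
const SAMPLES = [
  "https://driverhub.asus.com",                  // the genuine origin
  "https://driverhub.asus.com.fake-website.com", // lookalike from the article
  "http://driverhub.asus.com",                   // right host, wrong scheme
  "null",                                        // opaque origin
];

// Run both checks over the samples so the difference is visible per value.
function compareChecks(samples) {
  return samples.map((origin) => ({
    origin,
    weak: weakOriginCheck(origin),
    strict: strictOriginCheck(origin),
  }));
}

console.table(compareChecks(SAMPLES));
```

The strict check accepts only the first sample; the substring check also accepts the lookalike hostname and the plain-HTTP origin.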

According to MrBruh, the chain of events involves tricking the DriverHub software into running a legitimate ASUS installation file called “AsusSetup.exe.” However, this file is configured via an INI file, which contains setup instructions. If the attacker replaces the standard INI file with one that includes commands to run a malicious payload, the installer will blindly follow those instructions, silently installing and running any program the attacker wants.

All it takes to execute this attack is for the hacker to host three files on their fake domain: the ASUS installer executable, a modified INI file that tells the installer to run the hacker’s malicious software, and the malicious software itself. Once the user is lured into visiting the fake site, the rest of the process happens automatically without their knowledge.

ASUS Responds With Fixes

ASUS was informed about the vulnerabilities on April 8, 2025, and promptly worked on a fix. On May 9, 2025, the company rolled out updates that close the security holes. So far, there is no evidence that these vulnerabilities have been exploited by attackers in real-world scenarios, but ASUS is urging all users to update immediately to ensure their systems are protected.

The company’s security advisory highlights the importance of applying the latest software update through DriverHub itself by launching the application and clicking the “Update Now” option.

ASUS also emphasized that these updates contain essential security improvements and that customers should not delay in applying them to avoid exposing their systems to potential risks.

Security professionals recommend users stay alert to unusual or suspicious links, especially those that appear to lead to legitimate company websites but contain odd extensions or subdomains. Even trusted software can become a tool for hackers if weaknesses like these go unpatched.