TechHorizon Consulting

Critical ASUS DriverHub Flaws Allow Remote Code Execution

EC

May 15, 2025By Ethan Coulthard

Overview

ASUS has patched two severe vulnerabilities in its DriverHub utility—CVE-2025-3462 and CVE-2025-3463—that could be exploited together to bypass origin checks and achieve remote code execution (RCE) with administrative privileges. The flaws, disclosed by independent security researcher “Paul” (a.k.a. MrBruh), affected systems running the pre-installed ASUS DriverHub utility found on many ASUS motherboards.

Phishing Cyber Security Fingerprint Ransomware Email Encrypted Technology, Digital Information Protected Secured

Vulnerability Breakdown

CVE-2025-3462 – Origin Header Validation Bypass
This flaw stems from improper validation of the HTTP Origin header in DriverHub’s background service, which listens on port 53000. Though the service was designed to only accept requests from the official domain (driverhub.asus.com), it mistakenly accepted requests from any domain containing that string, such as driverhub.asus.com.attacker.com. This oversight allowed malicious websites to interact with the service via crafted cross-origin requests.

CVE-2025-3463 – Certificate Validation Weakness
This vulnerability involved inadequate verification of digital certificates in the communication between DriverHub and the ASUS backend. The flaw allowed an attacker to spoof certificate-based trust and trick the application into accepting and executing malicious instructions delivered via forged HTTP requests.

Combined Exploitation: Origin Bypass to RCE

When chained, these vulnerabilities enabled threat actors to craft malicious web pages that could send privileged commands to the local DriverHub service without user awareness. If a victim visited such a website, it could lead to:

  • Arbitrary command execution as SYSTEM
  • Full system compromise without downloading any files
  • Exploitation with minimal user interaction

Because DriverHub runs in the background and users may not even know it's installed, the exploit surface is broad and stealthy.

ASUS’s Mitigation and User Guidance

ASUS responded by releasing security patches and urging users to update DriverHub immediately. The company confirmed that the flaws have been resolved in the latest version.

Recommendations for Users:

  • Check for Updates: Ensure that DriverHub is updated to the latest version provided by ASUS.
  • Monitor Network Activity: Be vigilant for unusual network behavior, which could indicate exploitation attempts.
  • Limit Exposure: Consider disabling or uninstalling DriverHub if it's not essential for your system's operation. This must be done from BIOS settings.
AI Artificial Intelligence Security Sentinel Password Cyber Security Ransomware Email Phishing Encrypted Technology, Digital Information Protected Secured Lock

Conclusion

These vulnerabilities underscore the risks posed by background utilities that maintain elevated privileges and expose network-accessible services. ASUS users should treat this as a high-priority security issue and take remediation steps without delay. Zero-day vulnerabilities such as these can be difficult to handle for small and medium businesses, that's where TechHorizon Consulting can help. With our vCISO service we can provide real-time network monitoring and can help your business keep up with the newest vulnerabilities. If this interests you, or your small to medium business please visit our "Contact Us" page.