CVE-2025-11901

HIGH

ASUS Motherboards - Uncontrolled Resource Consumption

Title source: llm

Description

An uncontrolled resource consumption vulnerability affects certain ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, W680 series chipsets. Exploitation requires physical access to internal expansion slots to install a specially crafted device and supporting software utility, and may lead to uncontrolled resource consumption that increases the risk of unauthorized direct memory access (DMA). Refer to the 'Security Update for UEFI firmware' section on the ASUS Security Advisory for more information.

References (1)

Core 1

Core References

Various Sources vendor-advisory

https://www.asus.com/security-advisory/

Scores

CVSS v4 7.0

EPSS 0.0001

EPSS Percentile 2.8%

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Products (13)

ASUS/B460 series before 1805, 2002, 3002

ASUS/B560 series before 2402, 2803

ASUS/B660 series before 3810, 4501

ASUS/B760 series before 1825, 3102

ASUS/H410 series before 1805, 2002

ASUS/H470 series before 3002

ASUS/H510 series before 2402, 2803

ASUS/H610 series before 3810

ASUS/W480 series before 1002, 2603, 3302

ASUS/W680 series before 2015, 2701, 4501

... and 3 more

Published Dec 17, 2025

Tracked Since Feb 18, 2026