CVE-2025-3462
HIGHASUS DriverHub - Unauthorized Feature Interaction via Crafted HTTP Requests
Title source: llmDescription
"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.
References (2)
Core 2
Core References
Various Sources vendor-advisory
https://www.asus.com/content/asus-product-security-advisory/
Various Sources
https://mrbruh.com/asusdriverhub/
Scores
CVSS v4
8.4
EPSS
0.0046
EPSS Percentile
36.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-346
Status
published
Products (1)
ASUS/DriverHub
before 1.0.6.0
Published
May 09, 2025
Tracked Since
Feb 18, 2026