CVE-2025-3463
CRITICALASUS DriverHub - Improper Certificate Validation via Crafted HTTP Requests
Title source: llmDescription
"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.
References (2)
Core 2
Core References
Various Sources
https://mrbruh.com/asusdriverhub/
Various Sources vendor-advisory
https://www.asus.com/content/asus-product-security-advisory/
Scores
CVSS v4
9.4
EPSS
0.0078
EPSS Percentile
50.8%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-295
Status
published
Products (1)
ASUS/DriverHub
before 1.0.6.0
Published
May 09, 2025
Tracked Since
Feb 18, 2026