CVE-2025-3462 HIGH

CVE-2025-3462

Vendor Asus
Product DriverHub
Weakness CWE-346 · Origin validation
Published May 9, 2025
Last update May 19, 2025

CVSS base score

8.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:H

What the vulnerability does

01Description

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.

Key dates

02Disclosure timeline

May 9, 2025 CVE published
May 19, 2025 Record updated