CVE-2025-3463 CRITICAL

CVE-2025-3463

Vendor Asus
Product DriverHub
Weakness CWE-295
Published May 9, 2025
Last update May 19, 2025

CVSS base score

9.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.

Key dates

02Disclosure timeline

May 9, 2025 CVE published
May 19, 2025 Record updated