ASUS has issued important security updates to patch two high-risk vulnerabilities in its DriverHub software that could allow hackers to gain remote code execution (RCE) on users’ systems. These flaws, if left unpatched, can be exploited through malicious HTTP requests and tampered .ini files, putting millions of ASUS motherboard users at risk.
What is ASUS DriverHub?
DriverHub is a utility developed by ASUS that automatically detects the motherboard model of a system and downloads necessary driver updates from its dedicated site: driverhub.asus[.]com.
This tool runs silently in the background via a local service on port 53000, continuously checking for driver updates. Most users are unaware it’s even running, which makes any vulnerabilities within the software more dangerous.
The Vulnerabilities Explained
The two critical security flaws are tracked as:
CVE-2025-3462 (CVSS score: 8.4)
A validation error related to HTTP origin headers. This flaw allows unauthorized external sources to interact with the DriverHub service by sending crafted HTTP requests.CVE-2025-3463 (CVSS score: 9.4)
A flaw in certificate validation, allowing untrusted domains to manipulate the software behavior via fake HTTP requests.
Together, these flaws allow an attacker to bypass origin restrictions and run malicious code on a user’s system.
How the Attack Works
New Zealand-based security researcher Paul, also known as MrBruh, discovered and responsibly disclosed the flaws to ASUS on April 8, 2025. He demonstrated a one-click attack that could trick a user into visiting a fake subdomain of the official DriverHub site, such as:
ASUS Responds
ASUS confirmed the issues and released a security update on May 9, 2025, urging users to immediately update DriverHub. Users can apply the update by opening the app and clicking “Update Now.”
In a bulletin, ASUS stated:
“This update includes important security updates and ASUS strongly recommends that users update their ASUS DriverHub installation to the latest version.”
While ASUS submitted CVE descriptions, they initially claimed the issue only affected motherboards—not desktops or laptops. However, this has caused confusion since DriverHub can be installed on any ASUS system.
Despite the severity of the flaw, ASUS did not offer a bug bounty or compensation to the researcher.
Was It Exploited?
So far, there is no evidence that these vulnerabilities have been exploited in the wild. Researcher MrBruh monitored certificate transparency logs and found no malicious TLS certificates imitating the driverhub.asus.com domain, suggesting no known active abuse.
What Should You Do?
If you’re using an ASUS motherboard or have DriverHub installed, follow these steps immediately:
Open ASUS DriverHub
Click on “Update Now” to install the latest security patch
Avoid visiting suspicious websites or clicking unknown links
Consider blocking local port
53000if you don’t use DriverHub actively
Conclusion
These critical flaws in ASUS DriverHub show how even trusted vendor tools can become a security risk if proper validation isn’t enforced. Software that runs silently in the background—especially with system-level access—should always be treated with caution.
ASUS has responded quickly with a fix, but the burden is now on users to ensure their systems are updated. If you rely on ASUS hardware, keeping your drivers and software patched is essential for staying protected against remote attacks.
Follow us on 
(Twitter) for real time updates and exclusive content.
Interesting Article : Bluetooth 6.1 Improves User Privacy with Smarter Address Randomization
Pingback: May 2025 Patch Tuesday: Zero-Days and Critical Bugs in Windows Azure