A serious vulnerability in ASUS's DriverHub tool let malicious websites execute commands with administrative privileges on affected devices.
Discovered by independent researcher “MrBruh,” the flaw stemmed from improper validation of the Origin Header in DriverHub's local service, which listens on port 53000 and accepts commands from domains mimicking the official ASUS site.
By combining two CVEs—CVE-2025-3462 and CVE-2025-3463—an attacker could trick DriverHub into downloading and running a legitimate ASUS installer configured to launch a malicious executable.
The attack required only that a victim visit a specially crafted website, without any additional interaction.
ASUS patched the issue on April 18, 2025, but offered no bounty to the researcher.
Users are urged to update DriverHub immediately or disable it via BIOS if concerned about background activity.
Read more...