ASUS has released a security update addressing two high-severity flaws in its DriverHub utility that could allow attackers to execute malicious code remotely. The vulnerabilities, disclosed by security researcher MrBruh, were identified as CVE-2025-3462 and CVE-2025-3463, with CVSS scores of 8.4 and 9.4, respectively.
DriverHub is designed to automatically detect a user’s motherboard model and suggest the appropriate driver updates. It communicates with a backend hosted at driverhub.asus[.]com. However, flaws in its request validation and certificate checks opened the door to potentially devastating one-click remote code execution (RCE) attacks.
According to the researcher, an attacker could trick users into visiting a lookalike subdomain (e.g., driverhub.asus.com.attacker[.]com) and abuse the UpdateApp endpoint in DriverHub to launch a seemingly legitimate AsusSetup.exe binary. However, by crafting a malicious AsusSetup.ini configuration file, the attacker could silently run any arbitrary script or executable on the target system.
This exploit works by modifying the SilentInstallRun field inside the .ini file, which is normally used to trigger a silent installation. When executed with the -s flag—standard in DriverHub’s silent install flow—AsusSetup.exe executes the attacker-specified payload instead of a legitimate driver installation script.
ASUS Urges Users to Update DriverHub Immediately
ASUS confirmed it patched the issues on May 9, 2025, following a responsible disclosure by the researcher on April 8. At the time of writing, there’s no evidence the ASUS DriverHub vulnerabilities have been exploited in real-world attacks.
“These vulnerabilities could allow an attacker to affect system behavior or achieve remote code execution under certain conditions,” ASUS noted in its official bulletin. “We strongly recommend all users update their ASUS DriverHub software to the latest version immediately.”
To install the fix, users should open the DriverHub tool and click “Update Now”. This patch includes critical security improvements and helps safeguard against any potential misuse of the identified vulnerabilities.
