- A security researcher discovered a major defect in Asus Driverhub
- The defect allows users to run a remote malicious code
- A patch has already been published
Driverhub, the official ASUS management tool, bore a critical vulnerability that allowed threat actors to execute malicious code on affected devices remotely. It has been recently discovered and a fix has been published, so users are invited to apply it as soon as possible to mitigate potential risks.
Asus Driverhub is software that automatically downloads and installs the latest drivers for ASUS devices, including laptops, motherboards and peripherals. Its goal is to keep the devices up to date at any time, without the need for manual intervention. According to Bleeping CompomputeDriverhub is preinstalled on certain devices and is constantly running in the background (which makes sense if it is a question of keeping the software up to date at any time).
Now, a security researcher at alias MRBRUH said Driverhub suffered from poor command validation. This allowed him to chain two vulnerabilities, now followed under the name of CVE-2025-3462, and CVE-2025-3463, and to obtain the tool to execute malicious software.
Release the patch
He reported his conclusions on April 8 and Asus returned with a patch ten days later, on April 18. Although the company claims that the disturbing potential of the fault is somewhat limited: “This problem is limited to motherboards and does not affect laptops, office computers or other termination criteria,” said Asus, describing the CVE.
It is always “strongly recommended” that users apply the fix. “This update includes important security updates and ASUS strongly recommends that users update their Asus Driverhub installation to the latest version,” said the company in a security notice.
“The latest software update is accessible by opening Asus Driverhub, then clicking on the” Update Now “button. Ironically, the tool that manages all the pilot’s installations must be repaired automatically – manually.
According to Cyberiansider, the vulnerability window has been opened for “an indefinite period”, but as there is no abuse report in nature, it is prudent to assume that MRBRUH was the first to spot the bug.
Via Bleeping Compompute
