Home > Security > Security News

ASUS Fixes Critical One-Click Vulnerabilities in Preinstalled DriverHub Software

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer

ASUS has rolled out updates to address two critical security flaws in its DriverHub software, which could potentially allow attackers to execute remote code on targeted systems. These vulnerabilities involve origin validation and improper certificate validation, respectively.

The issues identified as CVE-2025-3462 (CVSS score: 8.4) and CVE-2025-3463 (CVSS score: 9.4), discovered and disclosed by security researcher MrBruh, exploit the software's ability to detect and update drivers via its dedicated server, driverhub.asus[.]com. 

An attacker could manipulate this process by luring victims to a malicious subdomain, enabling the execution of a crafted payload through the misuse of an altered configuration file (AsusSetup.ini) and legitimate binaries.

DriverHub software
DriverHub software | Source: MrBruh

The security researcher also published a PoC (proof of concept) video along with the disclosure as shown below:

Users are tricked into visiting a malicious subdomain of driverhub.asus[.]com, and the attacker leverages the “UpdateApp” endpoint to trigger the execution of infected files.  

The legitimate AsusSetup.exe binary is used in conjunction with the manipulated SilentInstallRun parameter to execute arbitrary code hosted on the attacker's site.

This attack, labeled a “one-click exploit,” could compromise a system with minimal user interaction, making it a serious threat.

ASUS promptly addressed these vulnerabilities after they were responsibly disclosed on April 8, 2025. A fix was released on May 9, 2025, and there have been no reports of the flaws being exploited in the wild. 

ASUS strongly recommends all users update their DriverHub software to the latest version to mitigate potential risks by opening ASUS DriverHub and clicking the "Update Now" button in the interface.

Add a Comment
Related
Türkiye-Linked Hackers Target Kurdish Servers via Output Messenger Zero-Day Flaw Exploit
Moldovan Police Arrest Key Suspect in €4.5 Million International Ransomware Case
New Infostealer and RAT Campaign Exfiltrates Sensitive Data via Fake AI Tools Lure
Best VPN for IPTV
IPTV Operators Face Charges of Bell, Rogers TV Signal Theft and Illegal Distribution in Canada
Massive Alleged Steam Data Breach Results in Over 89 Million Records for Sale
Operation Moonlander: Four Individuals Sold Botnets Made from Old Routers on Anyproxy and 5socks for 20 Years
Most Popular
The Handmaid's Tale season 6
The Handmaid’s Tale Season 6 Episode 8 Ending Explained: June’s Daring Assault, Serena’s Awakening, & Aunt Lydia’s Reckoning
Jesse in The Last of Us Season 2 and in The last of Us Part 2
The Last of Us Season 2: Does Jesse die in the game and will the show Change his fate?
Türkiye-Linked Hackers Target Kurdish Servers via Output Messenger Zero-Day Flaw Exploit
Spider-Noir
Spider-Noir: All About the Nicolas Cage Starrer Hardboiled Black and White Live-Action Series
Moldovan Police Arrest Key Suspect in €4.5 Million International Ransomware Case
Clown in a Cornfield
Clown in a Cornfield: Post-Credits Scene Explored, Ending Explained, Sequel Possibilities, & more
The Handmaid’s Tale Season 6 Episode 8 Ending Explained: June’s Daring Assault, Serena’s Awakening, & Aunt Lydia’s Reckoning
The Last of Us Season 2: Does Jesse die in the game and will the show Change his fate?
Türkiye-Linked Hackers Target Kurdish Servers via Output Messenger Zero-Day Flaw Exploit
Spider-Noir: All About the Nicolas Cage Starrer Hardboiled Black and White Live-Action Series
Moldovan Police Arrest Key Suspect in €4.5 Million International Ransomware Case
Clown in a Cornfield: Post-Credits Scene Explored, Ending Explained, Sequel Possibilities, & more

Most Popular
The Handmaid's Tale season 6
The Handmaid’s Tale Season 6 Episode 8 Ending Explained: June’s Daring Assault, Serena’s Awakening, & Aunt Lydia’s Reckoning
Jesse in The Last of Us Season 2 and in The last of Us Part 2
The Last of Us Season 2: Does Jesse die in the game and will the show Change his fate?
Türkiye-Linked Hackers Target Kurdish Servers via Output Messenger Zero-Day Flaw Exploit
Spider-Noir
Spider-Noir: All About the Nicolas Cage Starrer Hardboiled Black and White Live-Action Series
Moldovan Police Arrest Key Suspect in €4.5 Million International Ransomware Case
Clown in a Cornfield
Clown in a Cornfield: Post-Credits Scene Explored, Ending Explained, Sequel Possibilities, & more
The Handmaid’s Tale Season 6 Episode 8 Ending Explained: June’s Daring Assault, Serena’s Awakening, & Aunt Lydia’s Reckoning
The Last of Us Season 2: Does Jesse die in the game and will the show Change his fate?
Türkiye-Linked Hackers Target Kurdish Servers via Output Messenger Zero-Day Flaw Exploit
Spider-Noir: All About the Nicolas Cage Starrer Hardboiled Black and White Live-Action Series
Moldovan Police Arrest Key Suspect in €4.5 Million International Ransomware Case
Clown in a Cornfield: Post-Credits Scene Explored, Ending Explained, Sequel Possibilities, & more

TechNadu keeps you informed with the latest in cybersecurity, VPNs, streaming, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: