A security researcher discovered a major flaw in ASUS DriverHub, a tool that automatically downloads and installs the latest drivers for ASUS devices. The flaw allowed threat actors to execute malicious code on affected devices remotely. Although the vulnerability was limited to motherboards and did not affect laptops, desktop computers, or other endpoints, ASUS strongly recommended users to apply the patch. The vulnerability window had been open for an indeterminate period, but there were no reports of abuse in the wild.
TPRM report: https://scoringcyber.rankiteo.com/company/asus
"id": "asu558051425",
"linkid": "asus",
"type": "Vulnerability",
"date": "5/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'industry': 'Technology',
'name': 'ASUS',
'type': 'Organization'}],
'attack_vector': 'Remote Code Execution',
'description': 'A security researcher discovered a major flaw in ASUS '
'DriverHub, a tool that automatically downloads and installs '
'the latest drivers for ASUS devices. The flaw allowed threat '
'actors to execute malicious code on affected devices '
'remotely. Although the vulnerability was limited to '
'motherboards and did not affect laptops, desktop computers, '
'or other endpoints, ASUS strongly recommended users to apply '
'the patch. The vulnerability window had been open for an '
'indeterminate period, but there were no reports of abuse in '
'the wild.',
'impact': {'systems_affected': 'Motherboards'},
'response': {'remediation_measures': 'Recommended users to apply the patch'},
'title': 'ASUS DriverHub Vulnerability',
'type': 'Vulnerability Exploit',
'vulnerability_exploited': 'Flaw in ASUS DriverHub'}