CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-3462: "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS...

8.4 CVSS

Description

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests.
Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.

Classification

CVE ID: CVE-2025-3462

CVSS Base Severity: HIGH

CVSS Base Score: 8.4

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:H

Problem Types

CWE-346 Origin Validation Error

Affected Products

Vendor: ASUS

Product: DriverHub

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 18.02% (scored less or equal to compared to others)

EPSS Date: 2025-06-07 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3462
https://www.asus.com/content/asus-product-security-advisory/

Timeline

2025-05-09 06:40:15 UTC
CVE

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS...