CVE-2025-3463: "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation...

9.4 CVSS

Description

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests.
Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.

Classification

CVE ID: CVE-2025-3463

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.4

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem Types

CWE-295 Improper Certificate Validation

Affected Products

Vendor: ASUS

Product: DriverHub

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 21.42% (scored less or equal to compared to others)

EPSS Date: 2025-06-07 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3463
https://www.asus.com/content/asus-product-security-advisory/

Timeline

2025-05-09 06:40:15 UTC
CVE

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation...