ASUS DriverHub < 1.0.6.0 Multiple Vulnerabilities

critical Nessus Plugin ID 237746

Synopsis

The remote Windows host has an application installed which is affected by multiple vulnerabilities.

Description

ASUS DriverHub, a driver management tool, installed on the the remote host is a version prior to 1.0.6.0 and, therefore, is affected by multiple vulnerabilities:

- An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. (CVE-2025-3462)
- An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. (CVE-2025-3463)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to ASUS DriverHub version 1.0.6.0 or later.

See Also

https://www.asus.com/content/asus-product-security-advisory/

https://mrbruh.com/asusdriverhub/

Plugin Details

Severity: Critical

ID: 237746

File Name: asus_driverhub_1_0_6_0.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 6/4/2025

Updated: 6/4/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-3463

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: x-cpe:/a:asus:driverhub

Required KB Items: SMB/Registry/Enumerated, installed_sw/ASUS DriverHub

Patch Publication Date: 5/9/2025

Vulnerability Publication Date: 5/9/2025

Reference Information

CVE: CVE-2025-3462, CVE-2025-3463