Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ASUS DriverHub < 1.0.6.0 Multiple Vulnerabilities

🗓️ 04 Jun 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 13 Views

ASUS DriverHub prior to version 1.0.6.0 has multiple vulnerabilities affecting system security.

Related
Refs
Code
ReporterTitlePublishedViews
Family
BDU FSTEC		The vulnerability of the ASUS DriverHub tool for installing and updating drivers is related to deficiencies in the data source verification mechanism. This allows a hacker to execute arbitrary code.
8 Aug 202500:00
bdu_fstec
BDU FSTEC		The vulnerability of the ASUS DriverHub tool for installing and updating drivers is related to errors in the authentication process. This vulnerability allows a perpetrator to cause service interruptions.
8 Aug 202500:00
bdu_fstec
Circl		CVE-2025-3462
9 May 202506:25
circl
Circl		CVE-2025-3463
9 May 202506:25
circl
CNNVD		ASUS DriverHub 安全漏洞
9 May 202500:00
cnnvd
CNNVD		ASUS DriverHub 安全漏洞
9 May 202500:00
cnnvd
CVE		CVE-2025-3462
9 May 202505:36
cve
CVE		CVE-2025-3463
9 May 202505:37
cve
Cvelist		CVE-2025-3462
9 May 202505:36
cvelist
Cvelist		CVE-2025-3463
9 May 202505:37
cvelist
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(237746);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/06/04");

  script_cve_id("CVE-2025-3462", "CVE-2025-3463");

  script_name(english:"ASUS DriverHub < 1.0.6.0 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application installed which is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"ASUS DriverHub, a driver management tool, installed on the the remote host is a version prior to 1.0.6.0 and,
therefore, is affected by multiple vulnerabilities:

  - An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's
    features via crafted HTTP requests. (CVE-2025-3462)
  
  - An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior 
    via crafted HTTP requests. (CVE-2025-3463)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported 
version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.asus.com/content/asus-product-security-advisory/");
  script_set_attribute(attribute:"see_also", value:"https://mrbruh.com/asusdriverhub/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to ASUS DriverHub version 1.0.6.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-3463");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:asus:driverhub");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("asus_driverhub_win_installed.nbin");
  script_require_keys("installed_sw/ASUS DriverHub", "SMB/Registry/Enumerated");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'requires': [
    {'scope': 'target', 'match': {'os': 'windows'}}
  ],
  'checks': [
    {
      'product': {'name': 'ASUS DriverHub', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '1.0.6.0'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Jun 2025 00:00Current
8.7High risk
Vulners AI Score8.7
CVSS 49.4
EPSS0.00777
SSVC
asus driverhub vulnerabilitiesinsufficient validationcrafted http requestsuntrusted sourcessystem behavior.
13