ASUS DriverHub Vulnerability Exposed Millions to Remote Malware Attacks

A critical security flaw in ASUS’s DriverHub software left millions of devices exposed to remote attacks for years before it was discovered and patched. DriverHub is a utility automatically installed on certain ASUS motherboards during the first system boot. It runs quietly in the background, managing driver updates by checking for new versions through a local service on port 53000.

New Zealand-based cybersecurity researcher Paul, also known as “MrBruh,” uncovered two major vulnerabilities—CVE-2025-3462 and CVE-2025-3463. These flaws allowed attackers to bypass security checks and execute remote commands on devices through spoofed websites.

The software was supposed to verify that requests came from ASUS’s official site by checking the "Origin Header" of incoming requests. However, this check was poorly implemented. It accepted any site that merely contained the string “driverhub.asus.com,” making it easy for attackers to trick the system.

Additionally, DriverHub’s "UpdateApp" feature allowed the software to download and run .exe files from URLs ending in “.asus.com” without asking for user permission. If exploited, this could let malicious sites silently run harmful programs on affected systems.

Though ASUS has since released a patch, the fact that the flaw went unnoticed and remained active for years has raised serious concerns about user safety and software oversight.