ASUS DriverHub flaw let malicious sites run commands with admin rights

The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed.

DriverHub is ASUS's official driver management tool, installed automatically on the first system boot when certain ASUS motherboards are used. Once installed, the tool remains active in the background via a local service on port 53000, continually checking for important driver updates.

The flaw was discovered by an independent cybersecurity researcher from New Zealand named Paul (aka "MrBruh"), who found that the software performed poor validation of commands sent to the DriverHub background service. An attacker can target any user with ASUS DriverHub running on their system by tricking them into visiting a malicious website in their browser. By spoofing the Origin header to something like 'driverhub.asus.com.mrbruh.com', the weak validation check is bypassed, so DriverHub accepts the commands.

The second issue lies in the UpdateApp endpoint, which allows DriverHub to download and run .exe files from ".asus.com" URLs without user confirmation. In the researcher's demonstration, the commands order the software to download a legitimate ASUS-signed 'AsusSetup.exe' installer from the vendor's download portal, along with a malicious .ini file and .exe payload. The .ini file directs the legitimate ASUS driver installer to launch the malicious executable.

MrBruh says he monitored certificate transparency logs and found no other TLS certificates containing the "driverhub.asus.com" string, indicating the flaw was not exploited in the wild.

"This update includes important security updates and ASUS strongly recommends that users update their ASUS DriverHub installation to the latest version," reads the bulletin.
If you're uncomfortable with a background service automatically fetching potentially dangerous files upon visiting websites, you may disable DriverHub from your BIOS settings.
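As an added example (not ASUS's code), the substring-style Origin check the article's bypass relies on, beside a strict allowlist check and a parsed-host check for the UpdateApp download URL; the endpoint name, the allowlisted origin, the request shape and all sample inputs are assumptions constructed for this illustration.

```python
"""Origin and download-URL validation for a localhost RPC service such as the
one DriverHub runs on port 53000. Weak check next to the hardened one."""
from urllib.parse import urlsplit

TRUSTED_ORIGIN = "https://driverhub.asus.com"  # assumed: the only site allowed to drive the service
ALLOWED_DOWNLOAD_SUFFIX = ".asus.com"          # the article: UpdateApp fetches .exe files from .asus.com URLs


def weak_origin_check(origin: str) -> bool:
    """Substring match: any Origin that merely contains the trusted name
    passes, including an attacker-registered domain that embeds it."""
    return "driverhub.asus.com" in origin


def strict_origin_check(origin: str) -> bool:
    """Exact scheme + host (+ explicit port) match against one allowlisted origin.
    A lookalike such as driverhub.asus.com.mrbruh.com never equals it."""
    try:
        p = urlsplit(origin)
        port = p.port                      # raises ValueError on a malformed port
    except ValueError:
        return False
    if p.scheme != "https" or p.hostname is None:
        return False
    if p.path or p.query or p.fragment or p.username or p.password:
        return False                       # a genuine Origin header carries none of these
    canonical = f"{p.scheme}://{p.hostname}" + (f":{port}" if port is not None else "")
    return canonical == TRUSTED_ORIGIN


def strict_download_url_check(url: str) -> bool:
    """Parse the URL and test the hostname itself, so '.asus.com' appearing in
    the path or inside a longer hostname does not pass."""
    p = urlsplit(url)
    host = p.hostname or ""
    return p.scheme == "https" and host.endswith(ALLOWED_DOWNLOAD_SUFFIX)


def update_app(headers: dict, url: str, origin_check=strict_origin_check) -> int:
    """Assumed UpdateApp gate: returns an HTTP status code, 200 only when both
    the caller's Origin and the requested download URL satisfy the checks."""
    origin = headers.get("Origin")
    if origin is None or not origin_check(origin):
        return 403
    if not strict_download_url_check(url):
        return 400
    return 200
```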

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 12 May 2025 21:34:54 +0000

