DriverHub Hijinks: Asus’s Pre-Installed Software Vulnerabilities Unveiled by MrBruh
DriverHub, pre-installed on Asus motherboards, had two vulnerabilities ripe for remote shenanigans, according to researcher MrBruh. These flaws, CVE-2025-3462 and CVE-2025-3463, could be exploited via crafted HTTP requests. Asus has patched these vulnerabilities, but MrBruh won’t be cashing in a bug bounty—just eternal glory in Asus’s “hall of fame.”
Hot Take:
Who knew that updating your drivers could drive you straight into a hacker’s arms? DriverHub is like that overly enthusiastic friend who lets anyone join the party without checking IDs. Thanks to MrBruh, we now know that the only thing standing between our PCs and pandemonium was a flimsy “asus.com” disguise. But don’t worry, Asus has patched things up—just not with a bounty, but a shoutout in their “hall of fame.” Because who needs cash when you have virtual street cred?
Key Points:
- DriverHub vulnerabilities, CVE-2025-3462 and CVE-2025-3463, can be exploited remotely for code execution.
- The flaws stem from inadequate input validation and affect the software’s interaction and system behavior.
- Only Asus motherboards with pre-installed DriverHub are vulnerable, not laptops or desktops.
- MrBruh showed that modifying origin headers could bypass restrictions on RPC requests.
- Asus issued fixes within a month, but no bug bounty was offered to MrBruh.