CVE-2025-3463 - Vulnerability Details - OpenCVE

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://www.asus.com/content/asus-product-security-advisory/

History

Fri, 09 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 09 May 2025 05:45:00 +0000

Type	Values Removed	Values Added
Description		"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.
Weaknesses		CWE-295
References		https://www.asus.com/content/asus-product-security-advisory/
Metrics		cvssV4_0 `{'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: ASUS

Published: 2025-05-09T05:37:06.125Z

Updated: 2025-05-09T13:18:13.680Z

Reserved: 2025-04-09T03:38:15.673Z

Link: CVE-2025-3463

Vulnrichment

Updated: 2025-05-09T13:18:10.120Z

NVD

Status : Received

Published: 2025-05-09T06:15:36.130

Modified: 2025-05-09T06:15:36.130

Link: CVE-2025-3463

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3463", "assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "state": "PUBLISHED", "assignerShortName": "ASUS", "dateReserved": "2025-04-09T03:38:15.673Z", "datePublished": "2025-05-09T05:37:06.125Z", "dateUpdated": "2025-05-09T13:18:13.680Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DriverHub", "vendor": "ASUS", "versions": [{"status": "affected", "version": "before 1.0.6.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints.\" An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests.<br>Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information."}], "value": "\"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints.\"\u00a0An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests.\nRefer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.4, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "shortName": "ASUS", "dateUpdated": "2025-05-09T05:37:06.125Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.asus.com/content/asus-product-security-advisory/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-09T13:18:05.295904Z", "id": "CVE-2025-3463", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-09T13:18:13.680Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3463", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-09T13:18:05.295904Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-09T13:18:10.120Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ASUS", "product": "DriverHub", "versions": [{"status": "affected", "version": "before 1.0.6.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.asus.com/content/asus-product-security-advisory/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "\"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints.\"\u00a0An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests.\nRefer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.", "supportingMedia": [{"type": "text/html", "value": "\"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints.\" An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests.<br>Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "shortName": "ASUS", "dateUpdated": "2025-05-09T05:37:06.125Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3463", "state": "PUBLISHED", "dateUpdated": "2025-05-09T13:18:13.680Z", "dateReserved": "2025-04-09T03:38:15.673Z", "assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "datePublished": "2025-05-09T05:37:06.125Z", "assignerShortName": "ASUS"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "\"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints.\"\u00a0An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests.\nRefer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information."}], "id": "CVE-2025-3463", "lastModified": "2025-05-09T06:15:36.130", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "type": "Secondary"}]}, "published": "2025-05-09T06:15:36.130", "references": [{"source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "url": "https://www.asus.com/content/asus-product-security-advisory/"}], "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "type": "Secondary"}]}