ASUS DriverHub Vulnerability: Hackers Can Take Over Your PC via Website

Автор: Security Daily Review

Загружено: 2025-05-13

Просмотров: 322

Описание:

A critical vulnerability in ASUS DriverHub put millions of systems at risk — and it’s worse than ASUS admits.

Security researcher MrBruh (Paul) discovered two high-severity flaws now tracked as CVE-2025-3462 and CVE-2025-3463. The first allowed malicious websites to bypass origin checks using a domain trick, giving them access to a local RPC service on port 53000. The second exploited improper certificate validation to silently install malware with SYSTEM privileges via ASUS's own signed installer.

Attackers could hijack your PC with a single click, using a fake subdomain and a malicious .ini file.

ASUS released a fix in DriverHub version 1.0.6.0 on May 9, 2025 — but you have to manually trigger the update from inside the app.

ASUS says only motherboards are affected. Researchers say that’s false — laptops, desktops, anything with DriverHub installed could be vulnerable. If it came with your BIOS, it may already be running silently.

Update now. Don't wait. This is a full system compromise from just one click.

📌 CVE-2025-3462: Origin check bypass (CVSS 8.4)
📌 CVE-2025-3463: Code execution via installer abuse (CVSS 9.4)

🔐 Stay safe. Patch now.

#ASUS, #DriverHub, #Cybersecurity, #CVE20253462, #CVE20253463, #PrivilegeEscalation, #ZeroDay, #SystemVulnerability, #SecurityAlert, #Exploit, #PatchNow, #InfoSec, #WindowsSecurity, #Hacking, #SystemCompromise

FIND US AT
https://dailysecurityreview.com/

FOLLOW US ON SOCIAL
Get updates or reach out to Get updates on our Social Media Profiles!
Twitter: / securitydailyr
Facebook: https://www.facebook.com/profile.php?...
LinkedIn: / security-daily-review

ASUS DriverHub Vulnerability: Hackers Can Take Over Your PC via Website

Доступные форматы для скачивания:

Скачать видео mp4

Информация по загрузке:

Скачать аудио mp3

Похожие видео

array(10) { [0]=> object(stdClass)#5086 (5) { ["video_id"]=> int(9999999) ["related_video_id"]=> string(11) "Rj3sTAMYNQk" ["related_video_title"]=> string(35) "this SSH exploit is absolutely wild" ["posted_time"]=> string(28) "11 месяцев назад" ["channelName"]=> string(9) "Low Level" } [1]=> object(stdClass)#5059 (5) { ["video_id"]=> int(9999999) ["related_video_id"]=> string(11) "v7BNtpw53AA" ["related_video_title"]=> string(73) "The Complete Cybersecurity Roadmap: Land a Cybersecurity Job in 10 Months" ["posted_time"]=> string(27) "5 месяцев назад" ["channelName"]=> string(21) "Programming with Mosh" } [2]=> object(stdClass)#5084 (5) { ["video_id"]=> int(9999999) ["related_video_id"]=> string(11) "CuB20FwwLLA" ["related_video_title"]=> string(79) "9.8 Severity and Counting: Inside Trend Micro’s Latest Security Emergency" ["posted_time"]=> string(19) "3 дня назад" ["channelName"]=> string(21) "Security Daily Review" } [3]=> object(stdClass)#5091 (5) { ["video_id"]=> int(9999999) ["related_video_id"]=> string(11) "nec3aZM8aUY" ["related_video_title"]=> string(83) "Deep House Mix 2024 | Deep House, Vocal House, Nu Disco, Chillout Mix by Diamond #3" ["posted_time"]=> string(19) "1 год назад" ["channelName"]=> string(7) "Diamond" } [4]=> object(stdClass)#5070 (5) { ["video_id"]=> int(9999999) ["related_video_id"]=> string(11) "mHQ9r98mmrg" ["related_video_title"]=> string(95) "Как я стал специалистом по кибербезопасности с НУЛЯ" ["posted_time"]=> string(23) "1 месяц назад" ["channelName"]=> string(9) "CyberYozh" } [5]=> object(stdClass)#5088 (5) { ["video_id"]=> int(9999999) ["related_video_id"]=> string(11) "yvNKuZqRmJ4" ["related_video_title"]=> string(59) "Advanced Bruteforce WiFi WPA2 cracking with GPU and Hashcat" ["posted_time"]=> string(25) "2 месяца назад" ["channelName"]=> string(12) "David Bombal" } [6]=> object(stdClass)#5083 (5) { ["video_id"]=> int(9999999) ["related_video_id"]=> string(11) "AeGinsx6Oug" ["related_video_title"]=> string(62) "ЧТО ТАКОЕ СУПЕРКОМПЬЮТЕР? | ФОРМАТ" ["posted_time"]=> string(21) "3 года назад" ["channelName"]=> string(7) "Droider" } [7]=> object(stdClass)#5093 (5) { ["video_id"]=> int(9999999) ["related_video_id"]=> string(11) "8UPDF-Is9o0" ["related_video_title"]=> string(118) "Китай представил самых безумных дронов на выставке UAV SHENZHEN EXPO 2025!" ["posted_time"]=> string(21) "5 дней назад" ["channelName"]=> string(12) "Alex Robolab" } [8]=> object(stdClass)#5069 (5) { ["video_id"]=> int(9999999) ["related_video_id"]=> string(11) "Okq--FagHHA" ["related_video_title"]=> string(146) "⚡️ Жуткий удар по столице || Решающая атака Ирана || Москва выдвинула ультиматум" ["posted_time"]=> string(21) "3 часа назад" ["channelName"]=> string(23) "Время Прядко" } [9]=> object(stdClass)#5087 (5) { ["video_id"]=> int(9999999) ["related_video_id"]=> string(11) "w5MV1Jeo76g" ["related_video_title"]=> string(26) "What is a Zero Day Threat?" ["posted_time"]=> string(28) "11 месяцев назад" ["channelName"]=> string(14) "IBM Technology" } }

this SSH exploit is absolutely wild

this SSH exploit is absolutely wild

The Complete Cybersecurity Roadmap: Land a Cybersecurity Job in 10 Months

The Complete Cybersecurity Roadmap: Land a Cybersecurity Job in 10 Months

9.8 Severity and Counting: Inside Trend Micro’s Latest Security Emergency

9.8 Severity and Counting: Inside Trend Micro’s Latest Security Emergency

Deep House Mix 2024 | Deep House, Vocal House, Nu Disco, Chillout Mix by Diamond #3

Deep House Mix 2024 | Deep House, Vocal House, Nu Disco, Chillout Mix by Diamond #3

Как я стал специалистом по кибербезопасности с НУЛЯ

Как я стал специалистом по кибербезопасности с НУЛЯ

Advanced Bruteforce WiFi WPA2 cracking with GPU and Hashcat

Advanced Bruteforce WiFi WPA2 cracking with GPU and Hashcat

ЧТО ТАКОЕ СУПЕРКОМПЬЮТЕР? | ФОРМАТ

ЧТО ТАКОЕ СУПЕРКОМПЬЮТЕР? | ФОРМАТ

Китай представил самых безумных дронов на выставке UAV SHENZHEN EXPO 2025!

Китай представил самых безумных дронов на выставке UAV SHENZHEN EXPO 2025!

⚡️ Жуткий удар по столице || Решающая атака Ирана || Москва выдвинула ультиматум

⚡️ Жуткий удар по столице || Решающая атака Ирана || Москва выдвинула ультиматум

What is a Zero Day Threat?

What is a Zero Day Threat?