CVE-2025-3463

Severity CVSS v4.0:

CRITICAL

Type:

CWE-295 Improper Certificate Validation

Publication date:

09/05/2025

Last modified:

12/05/2025

Description

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests.<br /> Refer to the &#39;Security Update for ASUS DriverHub&#39; section on the ASUS Security Advisory for more information.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS v4.0 Severity and Metrics:

Base Score: 9.40 CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): None
User Interaction (UI): Passsive
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): High
Confidentiality (SC): High
Integrity (SI): High
Availability (SA): High

Base Score 4.0

9.40

Severity 4.0

CRITICAL

CVE-2025-3463

Description

Impact

References to Advisories, Solutions, and Tools