Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

DriverHub

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2026-1880
Assigner-ASUSTeK Computer Incorporation
ShareView Details
Assigner-ASUSTeK Computer Incorporation
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 3.61%
||
7 Day CHG~0.00%
Published-16 Apr, 2026 | 02:00
Updated-17 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows the altered resource to pass system checks and be executed with elevated privileges upon a user-initiated update. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-DriverHub
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-3463
Assigner-ASUSTeK Computer Incorporation
ShareView Details
Assigner-ASUSTeK Computer Incorporation
CVSS Score-9.4||CRITICAL
EPSS-0.81% / 52.27%
||
7 Day CHG+0.04%
Published-09 May, 2025 | 05:37
Updated-19 May, 2025 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-DriverHub
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-3462
Assigner-ASUSTeK Computer Incorporation
ShareView Details
Assigner-ASUSTeK Computer Incorporation
CVSS Score-8.4||HIGH
EPSS-0.49% / 38.03%
||
7 Day CHG+0.02%
Published-09 May, 2025 | 05:36
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-DriverHub
CWE ID-CWE-346
Origin Validation Error