What is CVE-2025-3463?

CVE-2025-3463 is a vulnerability in Asus Driverhub, classified under Improper Certificate Validation. Published 2025-05-09.

Is CVE-2025-3463 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Asus Driverhub

CVE-2025-3463

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP r…

Vulnerability class: Improper Certificate Validation

EPSS: 0.005 (65.4th percentile) — read the EPSS interpretation.

Affected products

Asus Driverhub — versions before 1.0.6.0

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

Public proof-of-concept exploits

ARPSyndicate/cve-scores
Raakaar/AsusService-Reaper
sensepost/bloatware-pwn

References

www.asus.com/content/asus-product-security-advisory/ (vendor-advisory)

Frequently asked questions

What is CVE-2025-3463?: CVE-2025-3463 is a vulnerability in Asus Driverhub, classified under Improper Certificate Validation. Published 2025-05-09.
Is CVE-2025-3463 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.