Critical security flaw in ASUS mainboard update system
Take action: If you are running an ASUS mainboard on your computer, update the DriverHub and Armoury Crate software. The exploit chain may be complicated, but hackers have found a way to abuse it before, so they will find a way to abuse it again to install malware that survives a full reinstall of the computer.
A security flaw has been discovered in the automatic update system for ASUS mainboards. The vulnerabilities affect the "Armoury Crate" and "DriverHub" functions used in current ASUS mainboards for both AMD and Intel platforms running under Windows.
Vulnerabilities summary:
- CVE-2025-3463 (CVSS score 9.4): An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests.
- CVE-2025-3462 (CVSS score 7.5): An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests.
The root cause is Windows functions for automatic software installation that are stored in the flash memory of the mainboard's UEFI BIOS. Manufacturers pack executable files or drivers into the BIOS image and register them in the Windows Platform Binary Table (WPBT). After booting, Windows evaluates this ACPI table and installs the linked software automatically. This means that even if all data storage devices are deleted, overwritten, or replaced, these programs will always be reinstalled on the system.
This mechanism has been exploited in previous attacks, including the notorious "Lojax" UEFI rootkit attack.
ASUS has addressed these security issues by releasing updated versions of the affected software. The company is distributing updates for "DriverHub" through its update system and has made the corrected Armoury Crate version v6.1.13 available for download from its official website.
Users of ASUS mainboards are strongly advised to install the available updates immediately to mitigate this security risk. A scan at Virustotal.com can be used to check whether a BIOS update contains potentially vulnerable Windows executable files or drivers.