CVE-2025-3462

HIGH Year: 2025
Weakness Type
CWE-346
View all →

Vulnerability Description

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.

Related Vulnerabilities

CVE-2024-57965

NONE
CVSS:0.0(None)

In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that ...

CWE-3462024

CVE-2023-30856

CRITICAL
CVSS:10.0(Critical)

eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to...

CWE-3462023

CVE-2000-1218

CRITICAL
CVSS:9.8(Critical)

The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts tha...

CWE-3462000

CVE-2003-0174

CRITICAL
CVSS:9.8(Critical)

The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a passw...

CWE-3462003

CVE-2017-13274

CRITICAL
CVSS:9.8(Critical)

In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges neede...

CWE-3462017

CVE-2017-20146

CRITICAL
CVSS:9.8(Critical)

Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the...

CWE-3462017