CVE-2025-11901

CVSS 7 HIGHEPSS 0.2%CWE-284

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

17 dic 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

An uncontrolled resource consumption vulnerability affects certain ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, W680 series chipsets. Exploitation requires physical access to internal expansion slots to install a specially crafted device and supporting software utility, and may lead to uncontrolled resource consumption that increases the risk of unauthorized direct memory access (DMA). Refer to the 'Security Update for UEFI firmware' section on the ASUS Security Advisory for more information.

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

ASUS · B460 series ASUS · B560 series ASUS · B660 series ASUS · B760 series ASUS · H410 series ASUS · H470 series ASUS · H510 series ASUS · H610 series ASUS · W480 series ASUS · W680 series ASUS · Z590 series ASUS · Z690 series ASUS · Z790 series

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.asus.com/security-advisory/