CVE-2025-11901

CVSS 7 HIGHEPSS 0.2%CWE-284

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

17 dez 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

An uncontrolled resource consumption vulnerability affects certain ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, W680 series chipsets. Exploitation requires physical access to internal expansion slots to install a specially crafted device and supporting software utility, and may lead to uncontrolled resource consumption that increases the risk of unauthorized direct memory access (DMA). Refer to the 'Security Update for UEFI firmware' section on the ASUS Security Advisory for more information.

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

ASUS · B460 series ASUS · B560 series ASUS · B660 series ASUS · B760 series ASUS · H410 series ASUS · H470 series ASUS · H510 series ASUS · H610 series ASUS · W480 series ASUS · W680 series ASUS · Z590 series ASUS · Z690 series ASUS · Z790 series

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.asus.com/security-advisory/