CVE-2025-11901 | THREATINT

Description

An uncontrolled resource consumption vulnerability affects certain ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, W680 series chipsets. Exploitation requires physical access to internal expansion slots to install a specially crafted device and supporting software utility, and may lead to uncontrolled resource consumption that increases the risk of unauthorized direct memory access (DMA). Refer to the 'Security Update for UEFI firmware' section on the ASUS Security Advisory for more information.

PUBLISHED Reserved 2025-10-17 | Published 2025-12-17 | Updated 2025-12-17 | Assigner ASUS

HIGH: 7.0CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-284: Improper Access Control

Product status

Default status

unaffected

before 1805, 2002, 3002

affected

Default status

unaffected

before 2402, 2803

affected

Default status

unaffected

before 3810, 4501

affected

Default status

unaffected

before 1825, 3102

affected

Default status

unaffected

before 1805, 2002

affected

Default status

unaffected

before 3002

affected

Default status

unaffected

before 2402, 2803

affected

Default status

unaffected

before 3810

affected

Default status

unaffected

before 1002, 2603, 3302

affected

Default status

unaffected

before 2015, 2701, 4501

affected

Default status

unaffected

before 2402, 2803

affected

Default status

unaffected

before 3810, 4501

affected

Default status

unaffected

before 1825, 2102, 3102

affected

Credits

Mohamed Al-Sharifi & Nick Peterson reporter

References

www.asus.com/security-advisory/ vendor-advisory

cve.org (CVE-2025-11901)

nvd.nist.gov (CVE-2025-11901)

Download JSON