CVE-2025-11901
BaseFortify
Publication date: 2025-12-17
Last updated on: 2025-12-18
Assigner: ASUS
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an uncontrolled resource consumption issue affecting certain ASUS motherboards with specific Intel chipsets. It requires physical access to internal expansion slots to install a specially crafted device and software, which can lead to excessive resource use and increase the risk of unauthorized direct memory access (DMA).
How can this vulnerability impact me? :
The vulnerability can lead to uncontrolled resource consumption on affected ASUS motherboards, potentially allowing unauthorized direct memory access (DMA). This could compromise system stability, security, and data integrity if exploited.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that physical access to internal expansion slots is restricted to trusted personnel only. Additionally, apply the 'Security Update for UEFI firmware' provided by ASUS as referenced in their security advisory for affected motherboards.