CVE-2025-11901
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-11901
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An uncontrolled resource consumption vulnerability affects certain ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, W680 series chipsets. Exploitation requires physical access to internal expansion slots to install a specially crafted device and supporting software utility, and may lead to uncontrolled resource consumption that increases the risk of unauthorized direct memory access (DMA). Refer to the 'Security Update for UEFI firmware' section on the ASUS Security Advisory for more information.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
ASUS Motherboards 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ASUS Motherboards是中国华硕(ASUS)公司的一系列主板。 ASUS Motherboards存在安全漏洞,该漏洞源于物理访问内部扩展槽以安装特制设备和软件工具可能导致不受控制的资源消耗,可能增加未经授权的直接内存访问风险。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ASUS | B460 series | before 1805, 2002, 3002 | - | |
| ASUS | B560 series | before 2402, 2803 | - | |
| ASUS | B660 series | before 3810, 4501 | - | |
| ASUS | B760 series | before 1825, 3102 | - | |
| ASUS | H410 series | before 1805, 2002 | - | |
| ASUS | H470 series | before 3002 | - | |
| ASUS | H510 series | before 2402, 2803 | - | |
| ASUS | H610 series | before 3810 | - | |
| ASUS | W480 series | before 1002, 2603, 3302 | - | |
| ASUS | W680 series | before 2015, 2701, 4501 | - | |
| ASUS | Z590 series | before 2402, 2803 | - | |
| ASUS | Z690 series | before 3810, 4501 | - | |
| ASUS | Z790 series | before 1825, 2102, 3102 | - |
II. Public POCs for CVE-2025-11901
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-11901
请登录查看更多情报信息。
Same Patch Batch · ASUS · 2025-12-17 · 3 CVEs total
| CVE-2025-59374 | ASUS Live Update 安全漏洞 | |
| CVE-2025-11775 | ASUS Armoury Crate 安全漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-284
- CVE-2026-8233
Dotouch XproUPF access control - CVE-2026-42569
phpvms: /importer authorization bypass causing full database - CVE-2026-42205
Avo: Broken Access Control: Unauthorized Execution of Arbitr - CVE-2026-41487
Langfuse: Improper role-based-access control in Langfuse LLM - CVE-2026-42278
UltraDAG: Smart Account Spending Policy Bypass via Pockets
V. Comments for CVE-2025-11901
No comments yet