CVE-2025-11901
📋 TL;DR
An uncontrolled resource consumption vulnerability in certain ASUS motherboards with Intel chipsets allows physical attackers to install malicious devices in expansion slots, potentially leading to unauthorized direct memory access (DMA). This affects ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, and W680 chipsets.
💻 Affected Systems
- ASUS motherboards with Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, W680 chipsets
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Unauthorized DMA access leading to complete system compromise, data theft, or persistent malware installation via physical access to internal hardware.
Likely Case
System instability, denial of service through resource exhaustion, or limited data exposure if DMA protections are partially effective.
If Mitigated
Minimal impact with proper physical security controls and UEFI firmware updates applied.
🎯 Exploit Status
Exploitation requires physical hardware access and specialized device/software, making it more complex than pure software attacks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Specific version not provided; refer to ASUS Security Advisory for 'Security Update for UEFI firmware'.
Vendor Advisory: https://www.asus.com/security-advisory/
Restart Required: Yes
Instructions:
1. Visit ASUS Security Advisory. 2. Identify your motherboard model. 3. Download latest UEFI firmware update. 4. Follow ASUS firmware update instructions. 5. Reboot system after update.
🔧 Temporary Workarounds
Physical Security Controls
allRestrict physical access to computer hardware and expansion slots.
Disable Unused Expansion Slots
allDisable unused PCIe/expansion slots in UEFI/BIOS settings if supported.
🧯 If You Can't Patch
- Implement strict physical security controls to prevent unauthorized hardware access.
- Monitor for unauthorized hardware changes and system resource consumption anomalies.
🔍 How to Verify
Check if Vulnerable:
Check motherboard model and chipset against ASUS Security Advisory; verify UEFI firmware version.Check Version:
System-specific: Check UEFI/BIOS version during boot or use manufacturer utilities like ASUS AI Suite.Verify Fix Applied:
Confirm UEFI firmware has been updated to version specified in ASUS Security Advisory.📡 Detection & Monitoring
Log Indicators:
- Unexpected hardware installation events
- System resource exhaustion alerts
- UEFI/BIOS modification logs
Network Indicators:
- Not applicable - physical access required
SIEM Query:
EventID for hardware changes OR system resource alerts above threshold