CVE-2025-11901

Summary

An uncontrolled resource consumption vulnerability affects certain ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, W680 series chipsets. Exploitation requires physical access to internal expansion slots to install a specially crafted device and supporting software utility, and may lead to uncontrolled resource consumption that increases the risk of unauthorized direct memory access (DMA). Refer to the 'Security Update for UEFI firmware' section on the ASUS Security Advisory for more information.

Affected Software

VendorProductVersion RangeStatus
ASUSB460 seriesbefore 1805, 2002, 3002affected
ASUSB560 seriesbefore 2402, 2803affected
ASUSB660 seriesbefore 3810, 4501affected
ASUSB760 seriesbefore 1825, 3102affected
ASUSH410 seriesbefore 1805, 2002affected
ASUSH470 seriesbefore 3002affected
ASUSH510 seriesbefore 2402, 2803affected
ASUSH610 seriesbefore 3810affected
ASUSW480 seriesbefore 1002, 2603, 3302affected
ASUSW680 seriesbefore 2015, 2701, 4501affected
ASUSZ590 seriesbefore 2402, 2803affected
ASUSZ690 seriesbefore 3810, 4501affected
ASUSZ790 seriesbefore 1825, 2102, 3102affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References