CVE-2025-11901

Published Dec 17, 2025

Last updated 11 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-11901 is a vulnerability affecting certain ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, W680 series chipsets. It involves uncontrolled resource consumption that can lead to unauthorized direct memory access (DMA). Exploitation of this vulnerability requires a physical attacker to install a specially crafted device and supporting software utility into one of the internal expansion slots. This can allow the malicious device to read or modify system memory before the operating system's security measures are loaded, potentially enabling pre-boot code injection and access to sensitive data. Firmware updates are available to correct the IOMMU initialization and restore DMA protections.

Description: An uncontrolled resource consumption vulnerability affects certain ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, W680 series chipsets. Exploitation requires physical access to internal expansion slots to install a specially crafted device and supporting software utility, and may lead to uncontrolled resource consumption that increases the risk of unauthorized direct memory access (DMA). Refer to the 'Security Update for UEFI firmware' section on the ASUS Security Advisory for more information.
Source: 54bf65a7-a193-42d2-b1ba-8e150d3c35e1
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 7
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

Weaknesses

54bf65a7-a193-42d2-b1ba-8e150d3c35e1: CWE-284

Hype score: Not currently trending

References