CVE Tools
Sign in

CVE-2025-11901

Published: Dec 17, 2025Updated: Dec 18, 2025 Sources: CVE List NVD BDUCWE-284
NVD MITRE
6.8CVSSMEDIUM
EPSS Score
0.2%
Top 87.7%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

An uncontrolled resource consumption vulnerability affects certain ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, W680 series chipsets. Exploitation requires physical access to internal expansion slots to install a specially crafted device and supporting software utility, and may lead to uncontrolled resource consumption that increases the risk of unauthorized direct memory access (DMA). Refer to the 'Security Update for UEFI firmware' section on the ASUS Security Advisory for more information.

CVSS Vector Breakdown

AV:PAC:LC:HI:HA:H
Exploitability
AV:PAccess Vector
P
AC:LAccess Complexity
Low
Impact
C:HConfidentiality
H
I:HIntegrity
H
A:HAvailability
H
Open in CVSS calculator →

Weaknesses

CWE-284

Affected Products

B460 seriesASUSHardware Firmware
B560 seriesASUSHardware Firmware
B660 seriesASUSHardware Firmware
B760 seriesASUSHardware Firmware
H410 seriesASUSHardware Firmware
asuscommercialTWHardware Firmwareaka asus tek
and 21 more affected products View all →

Exploitability

Official Patch Available

References

https://www.asus.com/security-advisory/
asus.com
https://www.asus.com/security-advisory/
asus.com
https://xakep.ru/2025/12/22/uefi-bug/
xakep.ru
and 2 more references View all →

Timeline

Published
Dec 17, 2025
Last Updated
Dec 18, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-11901 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows