Uncontrolled Resource Consumption Vulnerability in ASUS Motherboards Using Intel Chipsets
CVE-2025-11901

7HIGH

Key Information:

Vendor: Asus
Status: B460 Series; B560 Series; B660 Series; B760 Series
Vendor: CVE Published:; 17 December 2025

What is CVE-2025-11901?

An uncontrolled resource consumption vulnerability exists in certain ASUS motherboards that utilize Intel's B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, and W680 chipsets. This vulnerability requires physical access to the internal expansion slots, where an attacker can install a specially crafted device along with a supporting software utility. If exploited, this can lead to uncontrolled resource consumption, raising the risk of unauthorized direct memory access (DMA) to the system. It is crucial for users to review ASUS's security advisory for firmware updates that address this issue.

Affected Version(s)

B460 series before 1805, 2002, 3002

B560 series before 2402, 2803

B660 series before 3810, 4501

References

https://www.asus.com/security-advisory/

vendor-advisory

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2025
Vulnerability Reserved
Oct 17, 2025

Credit

Mohamed Al-Sharifi & Nick Peterson

JSON

Asus

What is CVE-2025-11901?

Affected Version(s)

References

CVSS V4

Timeline

Credit