CVE-2025-11901 is an improper access control vulnerability (CWE-284) identified in a broad range of ASUS motherboards utilizing Intel chipsets including B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, and W680 series. The vulnerability arises from uncontrolled resource consumption that can be triggered by an attacker who gains physical access to the internal expansion slots of the affected motherboard. By installing a specially crafted device along with a supporting software utility, the attacker can exploit this flaw to induce uncontrolled resource consumption, which escalates the risk of unauthorized direct memory access (DMA). This unauthorized DMA can lead to compromise of system confidentiality, integrity, and availability by bypassing typical software security controls. The attack vector requires physical presence and hardware manipulation but does not require any authentication or user interaction once physical access is achieved. The vulnerability affects firmware components, specifically the UEFI firmware, which ASUS has addressed through security updates. The CVSS 4.0 vector indicates a high impact on confidentiality, integrity, and availability with low attack complexity and no privileges or user interaction required, but physical access is mandatory. No public exploits have been reported yet, but the potential for serious impact exists especially in environments where physical security is weaker or where high-value targets are present. The affected versions are those before firmware versions 1805, 2002, and 3002. Organizations should refer to ASUS’s security advisory for detailed patching instructions.

For European organizations, this vulnerability poses a significant risk particularly in sectors where ASUS motherboards with the affected Intel chipsets are deployed in critical infrastructure, enterprise servers, or sensitive workstations. The requirement for physical access limits remote exploitation but increases the threat from insider attacks, supply chain compromises, or physical breaches. Successful exploitation can lead to unauthorized DMA, allowing attackers to bypass operating system protections, extract sensitive data, inject malicious code, or cause system instability and denial of service. This can impact confidentiality by exposing sensitive information, integrity by allowing unauthorized code execution or data manipulation, and availability by causing resource exhaustion or system crashes. The risk is heightened in environments with shared physical access or insufficient hardware security controls. European organizations with high-value intellectual property, government data, or critical operational technology should consider this vulnerability a serious threat. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for future attacks, especially as exploit development could leverage the publicly known details.

1. Apply the latest UEFI firmware updates from ASUS immediately to all affected motherboards, ensuring versions are at or above 1805, 2002, or 3002 as applicable. 2. Enhance physical security controls to restrict unauthorized access to internal expansion slots, including locked server racks, secured data centers, and surveillance. 3. Implement strict hardware inventory and monitoring to detect unauthorized devices connected to expansion slots. 4. Use chassis intrusion detection features where available to alert on unauthorized physical access. 5. Educate staff on the risks of physical tampering and enforce policies restricting physical access to critical hardware. 6. Consider deploying endpoint detection and response (EDR) solutions capable of identifying anomalous DMA activity or resource consumption patterns. 7. For high-security environments, evaluate the use of hardware-based DMA protection technologies such as Intel VT-d or IOMMU to limit unauthorized memory access. 8. Coordinate with ASUS support and security advisories for ongoing updates and guidance. 9. Conduct regular security audits and penetration tests focusing on physical security and hardware tampering vectors.