A high-severity vulnerability in ASUS Armoury Crate software program might enable menace actors to escalate their privileges to SYSTEM degree on Home windows machines.
The security difficulty is tracked as CVE-2025-3464 and acquired a severity rating of 8.8 out of 10.
It might be exploited to bypass authorization and impacts the AsIO3.sys of the Armoury Crate system administration software program.
Armoury Crate is the official system management software program for Home windows from ASUS, offering a centralized interface to regulate RGB lighting (Aura Sync), modify fan curves, handle efficiency profiles and ASUS peripherals, in addition to obtain drivers and firmware updates.
To carry out all these features and supply low-level system monitoring, the software program suite makes use of the kernel driver to entry and management {hardware} options.
Cisco Talos’ researcher Marcin “Icewall” Noga reported CVE-2025-3464 to the tech firm.
In response to a Talos advisory, the difficulty lies within the driver verifying callers based mostly on a hardcoded SHA-256 hash of AsusCertService.exe and a PID allowlist, as an alternative of utilizing correct OS-level entry controls.
Exploiting the flaw entails creating a tough hyperlink from a benign take a look at app to a pretend executable. The attacker launches the app, pauses it, after which swaps the exhausting hyperlink to level to AsusCertService.exe.
When the driving force checks the file’s SHA-256 hash, it reads the now-linked trusted binary, permitting the take a look at app to bypass authorization and achieve entry to the driving force.
This grants the attacker low-level system privileges, giving them direct entry to bodily reminiscence, I/O ports, and model-specific registers (MSRs), opening the trail to full OS compromise.
It is very important notice that the attacker should already be on the system (malware an infection, phishing, compromised unprivileged account) to use CVE-2025-3464.
Nonetheless, the in depth deployment of the software program on computer systems worldwide might symbolize an assault floor giant sufficient for exploitation to grow to be engaging.
Cisco Talos validated that CVE-2025-3464 impacts Armoury Crate model 5.9.13.0, however ASUS’ bulletin notes that the flaw impacts all variations between 5.9.9.0 and 6.1.18.0.
To mitigate the security drawback, it is strongly recommended to use the newest replace by opening the Armoury Crate app and going to “Settings”> “Replace Heart”> “Verify for Updates”> “Replace.”
Cisco reported the flaw to ASUS in February however no exploitation within the wild has been noticed to this point. Nonetheless, “ASUS strongly recommends that customers replace their Armoury Crate set up to the newest model.”
Home windows kernel driver bugs that result in native privilege escalation are well-liked amongst hackers, together with ransomware actors, malware operations, and threats to authorities businesses.
Patching used to imply advanced scripts, lengthy hours, and countless hearth drills. Not anymore.
On this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch sooner, scale back overhead, and give attention to strategic work — no advanced scripts required.
