A high-severity vulnerability in ASUS Armoury Crate software program might permit menace actors to escalate their privileges to SYSTEM degree on Home windows machines.
The safety challenge is tracked as CVE-2025-3464 and obtained a severity rating of 8.8 out of 10.
It might be exploited to bypass authorization and impacts the AsIO3.sys of the Armoury Crate system administration software program.
Armoury Crate is the official system management software program for Home windows from ASUS, offering a centralized interface to regulate RGB lighting (Aura Sync), modify fan curves, handle efficiency profiles and ASUS peripherals, in addition to obtain drivers and firmware updates.
To carry out all these features and supply low-level system monitoring, the software program suite makes use of the kernel driver to entry and management {hardware} options.
Cisco Talos’ researcher Marcin “Icewall” Noga reported CVE-2025-3464 to the tech firm.
In response to a Talos advisory, the challenge lies within the driver verifying callers primarily based on a hardcoded SHA-256 hash of AsusCertService.exe and a PID allowlist, as an alternative of utilizing correct OS-level entry controls.
Exploiting the flaw includes creating a tough hyperlink from a benign check app to a pretend executable. The attacker launches the app, pauses it, after which swaps the onerous hyperlink to level to AsusCertService.exe.
When the driving force checks the file’s SHA-256 hash, it reads the now-linked trusted binary, permitting the check app to bypass authorization and acquire entry to the driving force.
This grants the attacker low-level system privileges, giving them direct entry to bodily reminiscence, I/O ports, and model-specific registers (MSRs), opening the trail to full OS compromise.
You will need to observe that the attacker should already be on the system (malware an infection, phishing, compromised unprivileged account) to use CVE-2025-3464.
Nevertheless, the intensive deployment of the software program on computer systems worldwide might symbolize an assault floor giant sufficient for exploitation to change into enticing.
Cisco Talos validated that CVE-2025-3464 impacts Armoury Crate model 5.9.13.0, however ASUS’ bulletin notes that the flaw impacts all variations between 5.9.9.0 and 6.1.18.0.
To mitigate the safety drawback, it is strongly recommended to use the most recent replace by opening the Armoury Crate app and going to “Settings”> “Replace Middle”> “Examine for Updates”> “Replace.”
Cisco reported the flaw to ASUS in February however no exploitation within the wild has been noticed to this point. Nevertheless, “ASUS strongly recommends that customers replace their Armoury Crate set up to the most recent model.”
Home windows kernel driver bugs that result in native privilege escalation are well-liked amongst hackers, together with ransomware actors, malware operations, and threats to authorities businesses.
Patching used to imply complicated scripts, lengthy hours, and infinite fireplace drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch sooner, cut back overhead, and deal with strategic work — no complicated scripts required.
