A high-severity vulnerability in ASUS Armoury Crate software program might enable menace actors to escalate their privileges to SYSTEM stage on Home windows machines.
The safety difficulty is tracked as CVE-2025-3464 and obtained a severity rating of 8.8 out of 10.
It could possibly be exploited to bypass authorization and impacts the AsIO3.sys of the Armoury Crate system administration software program.
Armoury Crate is the official system management software program for Home windows from ASUS, offering a centralized interface to regulate RGB lighting (Aura Sync), alter fan curves, handle efficiency profiles and ASUS peripherals, in addition to obtain drivers and firmware updates.
To carry out all these features and supply low-level system monitoring, the software program suite makes use of the kernel driver to entry and management {hardware} options.
Cisco Talos’ researcher Marcin “Icewall” Noga reported CVE-2025-3464 to the tech firm.
In keeping with a Talos advisory, the difficulty lies within the driver verifying callers primarily based on a hardcoded SHA-256 hash of AsusCertService.exe and a PID allowlist, as an alternative of utilizing correct OS-level entry controls.
Exploiting the flaw includes creating a tough hyperlink from a benign take a look at app to a faux executable. The attacker launches the app, pauses it, after which swaps the arduous hyperlink to level to AsusCertService.exe.Â
When the driving force checks the file’s SHA-256 hash, it reads the now-linked trusted binary, permitting the take a look at app to bypass authorization and achieve entry to the driving force.
This grants the attacker low-level system privileges, giving them direct entry to bodily reminiscence, I/O ports, and model-specific registers (MSRs), opening the trail to full OS compromise.
It is very important word that the attacker should already be on the system (malware an infection, phishing, compromised unprivileged account) to use CVE-2025-3464.
Nevertheless, the intensive deployment of the software program on computer systems worldwide might signify an assault floor giant sufficient for exploitation to turn into engaging.
Cisco Talos validated that CVE-2025-3464 impacts Armoury Crate model 5.9.13.0, however ASUS’ bulletin notes that the flaw impacts all variations between 5.9.9.0 and 6.1.18.0.
To mitigate the safety drawback, it is suggested to use the newest replace by opening the Armoury Crate app and going to “Settings”> “Replace Middle”> “Examine for Updates”> “Replace.”
Cisco reported the flaw to ASUS in February however no exploitation within the wild has been noticed up to now. Nevertheless, “ASUS strongly recommends that customers replace their Armoury Crate set up to the newest model.”
Home windows kernel driver bugs that result in native privilege escalation are common amongst hackers, together with ransomware actors, malware operations, and threats to authorities businesses.
Patching used to imply advanced scripts, lengthy hours, and countless hearth drills. Not anymore.
On this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch quicker, cut back overhead, and deal with strategic work — no advanced scripts required.
