ASUS Armoury Crate Vulnerability Lets Hackers Gain System-Level Access on Windows
A critical vulnerability in ASUS’s popular Armoury Crate software has exposed millions of Windows users to the risk of system-level compromise, according to a recent disclosure by Cisco Talos and confirmed by ASUS.
The flaw, tracked as CVE-2025-3464, allows attackers to bypass security controls and gain the highest level of privileges on affected systems, potentially opening the door to malware, ransomware, and other advanced threats.
Armoury Crate is ASUS’s flagship system management utility, pre-installed on many ROG and TUF Gaming laptops and desktops.
.png
"ASUS Armoury Crate Vulnerability Lets Hackers Gain System-Level Access on Windows 2")
It serves as a central hub for controlling RGB lighting, fan speeds, performance profiles, device drivers, and firmware updates, making it a core component for gamers and PC enthusiasts worldwide.
The Vulnerability Explained
The flaw resides in the AsIO3.sys kernel driver, a low-level component that enables Armoury Crate to interact directly with hardware.
Researchers discovered that the driver’s authorization mechanism relies on a hardcoded SHA-256 hash and a process ID allowlist, rather than proper Windows security controls.
This oversight enables a local attacker to exploit a race condition known as a Time-of-Check Time-of-Use (TOCTOU) issue.
By creating a hard link from a benign application to a trusted executable, then swapping the link at the right moment, an attacker can trick the driver into granting privileged access to malicious code.
This results in an “authorization bypass,” allowing the attacker to escalate their privileges to SYSTEM—the highest level on Windows—granting full control over the machine.
| Attribute | Details |
| CVE | CVE-2025-3464 |
| Affected Versions | 5.9.9.0 – 6.1.18.0 |
| Severity (CVSS v3) | 8.8 (High) |
The vulnerability affects Armoury Crate versions from 5.9.9.0 through 6.1.18.0, including the widely deployed 5.9.13.0 release.
ASUS has confirmed the issue and issued an urgent advisory, urging all users to update their software via the built-in Update Center.
While exploiting the flaw requires local access—meaning the attacker must already have a foothold on the system through malware, phishing, or a compromised account—the widespread use of Armoury Crate makes this a tempting target for cybercriminals.
Successful exploitation grants access to physical memory, I/O ports, and other sensitive system resources, enabling attackers to bypass security products, install persistent malware, or steal sensitive data.
ASUS has released a security update to address CVE-2025-3464 and strongly recommends that all users update immediately. To patch the vulnerability:
- Open Armoury Crate
- Go to Settings > Update Center
- Click Check for Updates and install any available updates.
No exploitation in the wild has been reported as of June 17, 2025, but users are urged to act swiftly to secure their systems.
ASUS users should update Armoury Crate without delay to prevent potential attacks leveraging this critical flaw.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates
Source link
