A high-severity vulnerability in ASUS Armoury Crate software program might permit risk actors to escalate their privileges to SYSTEM stage on Home windows machines.
The safety problem is tracked as CVE-2025-3464 and obtained a severity rating of 8.8 out of 10.
It might be exploited to bypass authorization and impacts the AsIO3.sys of the Armoury Crate system administration software program.
Armoury Crate is the official system management software program for Home windows from ASUS, offering a centralized interface to manage RGB lighting (Aura Sync), regulate fan curves, handle efficiency profiles and ASUS peripherals, in addition to obtain drivers and firmware updates.
To carry out all these features and supply low-level system monitoring, the software program suite makes use of the kernel driver to entry and management {hardware} options.
Cisco Talos’ researcher Marcin “Icewall” Noga reported CVE-2025-3464 to the tech firm.
Based on a Talos advisory, the problem lies within the driver verifying callers primarily based on a hardcoded SHA-256 hash of AsusCertService.exe and a PID allowlist, as a substitute of utilizing correct OS-level entry controls.
Exploiting the flaw includes creating a tough hyperlink from a benign take a look at app to a faux executable. The attacker launches the app, pauses it, after which swaps the arduous hyperlink to level to AsusCertService.exe.
When the driving force checks the file’s SHA-256 hash, it reads the now-linked trusted binary, permitting the take a look at app to bypass authorization and acquire entry to the driving force.
This grants the attacker low-level system privileges, giving them direct entry to bodily reminiscence, I/O ports, and model-specific registers (MSRs), opening the trail to full OS compromise.
You will need to observe that the attacker should already be on the system (malware an infection, phishing, compromised unprivileged account) to use CVE-2025-3464.
Nevertheless, the in depth deployment of the software program on computer systems worldwide could signify an assault floor massive sufficient for exploitation to turn into enticing.
Cisco Talos validated that CVE-2025-3464 impacts Armoury Crate model 5.9.13.0, however ASUS’ bulletin notes that the flaw impacts all variations between 5.9.9.0 and 6.1.18.0.
To mitigate the safety drawback, it is suggested to use the newest replace by opening the Armoury Crate app and going to “Settings”> “Replace Heart”> “Examine for Updates”> “Replace.”
Cisco reported the flaw to ASUS in February however no exploitation within the wild has been noticed to this point. Nevertheless, “ASUS strongly recommends that customers replace their Armoury Crate set up to the newest model.”
Home windows kernel driver bugs that result in native privilege escalation are fashionable amongst hackers, together with ransomware actors, malware operations, and threats to authorities businesses.
Patching used to imply advanced scripts, lengthy hours, and limitless fireplace drills. Not anymore.
On this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch quicker, cut back overhead, and give attention to strategic work — no advanced scripts required.
