{"id":38425,"date":"2025-06-19T00:02:18","date_gmt":"2025-06-18T22:02:18","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=38425"},"modified":"2025-06-18T14:27:03","modified_gmt":"2025-06-18T12:27:03","slug":"asus-armoury-crate-vulnerability-cve-2025-3464-allows-admin-privileges-in-windows","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2025\/06\/19\/asus-armoury-crate-vulnerability-cve-2025-3464-allows-admin-privileges-in-windows\/","title":{"rendered":"ASUS Armoury Crate vulnerability CVE-2025-3464 allows admin privileges in Windows"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2025\/06\/18\/asus-armoury-crate-schwachstelle-cve-2025-3464-ermoeglicht-admin-privilegien-in-windows\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Brief information for readers who use ASUS Armoury Crate on their Windows systems. The vulnerability <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-3464\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2025-3464<\/a> in the software allows an attacker to gain administrator privileges under Windows. ASUS has since updated the software to close the vulnerabilities.<\/p>\n<p><!--more--><\/p>\n<p><a href=\"https:\/\/rog.asus.com\/content\/armoury-crate\/\" target=\"_blank\" rel=\"noopener\">Armoury Crate<\/a> is a centralized software application developed by ASUS to manage and customize the settings of ASUS hardware components and peripherals. It provides users with a unified interface to control various functions such as RGB lighting, system performance, fan speeds and device configurations.<\/p>\n<p>In this software, Talos <a href=\"https:\/\/talosintelligence.com\/vulnerability_reports\/TALOS-2025-2150\" target=\"_blank\" rel=\"noopener\">found<\/a> the vulnerability <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-3464\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2025-3464<\/a> in the driver <em>AsIO3.sys<\/em>. The driver <em>AsIO3.sys<\/em> creates a device called Asusgio3. The vulnerability, classified as High with a CVS 3.1 index of 8.4, is caused by a race condition (time-of-check-time-of-use problem) in the AsIO3.sys file. This can lead to an authentication bypass.<\/p>\n<p>According to Talos, a specially crafted hardlink can lead to a bypass of authorization. The file <em>AsIO3.sys<\/em> of Asus <em>Armoury Crate 5.9.13.0<\/em> is affected. According to ASUS, the vulnerability CVE-2025-3464 affects software versions between V5.9.9.0 and V6.1.18.0.<\/p>\n<p>ASUS has released a software update for the Armoury Crate system management software effective June 16, 2025, according to <a href=\"https:\/\/www.asus.com\/content\/asus-product-security-advisory\/\" target=\"_blank\" rel=\"noopener\">this website<\/a>. This update contains important security updates, and ASUS strongly recommends that users update their Armoury Crate installation to the latest version. Users can get the latest software update by opening Armoury Crate, going to the Settings tab &gt; Update Center and clicking Check for Updates. Then select Update on ARMOURY CRATE if the new version is available. (<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/asus-armoury-crate-bug-lets-attackers-get-windows-admin-privileges\/\" target=\"_blank\" rel=\"noopener\">via<\/a>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Brief information for readers who use ASUS Armoury Crate on their Windows systems. The vulnerability CVE-2025-3464 in the software allows an attacker to gain administrator privileges under Windows. ASUS has since updated the software to close the vulnerabilities.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,2],"tags":[69,1544,195,194],"class_list":["post-38425","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-windows","tag-security","tag-software","tag-update","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/38425","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=38425"}],"version-history":[{"count":3,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/38425\/revisions"}],"predecessor-version":[{"id":38428,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/38425\/revisions\/38428"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=38425"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=38425"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=38425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}