AI description
CVE-2025-3464 is a vulnerability affecting ASUS Armoury Crate versions V5.9.9.0 up to V6.1.18.0. It stems from a race condition, specifically a Time-of-Check to Time-of-Use (TOCTOU) flaw. This vulnerability can be exploited to bypass authentication. The vulnerability exists in the AsIO3.sys functionality of ASUS Armoury Crate. An attacker can exploit this by creating a hard link, leading to an authorization bypass. ASUS advises users to update to the latest version of Armoury Crate via the in-app Update Center.
- Description
- A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
- Source
- 54bf65a7-a193-42d2-b1ba-8e150d3c35e1
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- 54bf65a7-a193-42d2-b1ba-8e150d3c35e1
- CWE-367
- Hype score
- Not currently trending
A critical vulnerability, CVE-2025-3464, has surfaced in ASUS Armoury Crate, putting Windows systems at serious risk. By exploiting weaknesses in driver handling, attackers can achieve SYSTEM privileges, resulting in a complete OS takeover. https://t.co/gDOSJ7ahrB
@The4n6Analyst
17 Jun 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in Asus Armoury Crate (CVE-2025-3464) allows privilege escalation and full system control via an authorization bypass using the AsIO3.sys driver. Multiple versions affected. Stay alert! ⚠️ #CyberRisk #SecurityAlert #Japan https://t.co/BRsAx9ihb8
@TweetThreatNews
17 Jun 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3464 (CVSS 8.8/10) 🚨 A critical vuln in ASUS Armoury Crate allows privilege escalation to SYSTEM level on Windows. MDE worldwide telemetry shows a large footprint — defenders, do check your endpoint deployment.🤝 https://t.co/taq0eGGPkj https://t.co/AzXIU1mY
@0x534c
17 Jun 2025
855 Impressions
1 Retweet
12 Likes
3 Bookmarks
2 Replies
0 Quotes
ASUS Armoury Crateの脆弱性でWindows管理者権限を取得可能にCVE-2025-3464 https://t.co/wCGJodPrIu #Secuity #セキュリティ #ニュース
@SecureShield_
17 Jun 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ASUS Armoury Crateに権限昇格の脆弱性。CVE-2025-3464はCVSSスコア8.8。認証を迂回して同ソフトのAsIO3.sysドライバを直接呼び出せる。ドライバ側での呼び出し元検証がAsusCertService.exeのSHA-256ハッシュとPID許可リストのみ
@__kokumoto
16 Jun 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3464 Race Condition Authentication Bypass in ASUS Armoury Crate Softwar... https://t.co/apyOdcqTlr Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
16 Jun 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3464 A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. … https://t.co/8Zr9PsgFH5
@CVEnew
16 Jun 2025
600 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-3464: HIGH] Armoury Crate has a critical vulnerability due to a Time-of-check Time-of-use issue. Users are at risk of authentication bypass. See ASUS Security Advisory for a fix.#cve,CVE-2025-3464,#cybersecurity https://t.co/qpoMdt0Tko https://t.co/I1g04I8ogy
@CveFindCom
16 Jun 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes