CVE-2025-3464

Published Jun 16, 2025

Last updated 2 months ago

CVSS high 8.4

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-3464 is a vulnerability affecting ASUS Armoury Crate versions V5.9.9.0 up to V6.1.18.0. It stems from a race condition, specifically a Time-of-Check to Time-of-Use (TOCTOU) flaw. This vulnerability can be exploited to bypass authentication. The vulnerability exists in the AsIO3.sys functionality of ASUS Armoury Crate. An attacker can exploit this by creating a hard link, leading to an authorization bypass. ASUS advises users to update to the latest version of Armoury Crate via the in-app Update Center.

Description
A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
Source
54bf65a7-a193-42d2-b1ba-8e150d3c35e1
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.4
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

54bf65a7-a193-42d2-b1ba-8e150d3c35e1
CWE-367

Social media

Hype score
Not currently trending

  1. #reversing #Hardware_Security Decrement by one to rule them all: AsIO3.sys driver exploitation https://t.co/MtzFJUkWdS // CVE-2025-1533 - Asus Armoury Crate AsIO3.sys stack-based BoF + CVE-2025-3464 - Asus Armoury Crate AsIO3.sys authorization bypass vulns

    @ksg93rd

    1 Jul 2025

    1028 Impressions

    8 Retweets

    24 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  2. Admin jog szerezhető az ASUS Armoury Crate kihasználásával A CVE-2025-3464 azonosítón nyilvántartott, 8.8-as súlyosságú ASUS Armoury Crate sérülékenység kihasználásával rendszergazdai jogosultságok szerezhetők az érintett számítógépeken. ASUS hack CVE

    @linuxmint_hun

    30 Jun 2025

    34 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ASUS Armoury Crate の脆弱性 CVE-2025-3464 が FIX:ローカル SYSTEM 権限昇格の可能性 https://t.co/BGDcW42ezE この ASUS Armoury Crateの 脆弱性 CVE-2025-3464

    @iototsecnews

    30 Jun 2025

    125 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Des millions de PC Windows sont vulnérables à la CVE-2025-3464 dans #ASUS #ArmouryCrate ! 🔒 Un lien dur manipulé permet une #LPE SYSTEM pour prendre le contrôle total. ✅ Mettez à jour vers la version 6.1.18.0 ou supérieure dès maintenant ! #Windows #CyberSécur

    @sciberi_x

    20 Jun 2025

    11 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2025-3464

    @transilienceai

    19 Jun 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. 🚨Se ha detectado una vulnerabilidad crítica ⚠️ (CVE-2025-3464) que permite a atacantes obtener acceso total al sistema 🖥️ si ya tienen acceso local. ✅ ¿Tienes Armoury Crate? Abre la app → Configuración → Centro de actualizaciones → ¡Actualiza ya! https://

    @M4nticonsuling

    19 Jun 2025

    26 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. ASUS Armoury Crateに深刻な脆弱性、ローカル環境から管理者権限の奪取が可能に(CVE-2025-3464) #セキュリティ対策Lab #セキュリティ #Security https://t.co/2QPxmV8aiF

    @securityLab_jp

    19 Jun 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. ASUS Armoury Crate bug lets attackers get Windows admin privileges CVE-2025-3464, a high-severity vulnerability in ASUS Armoury Crate software allows local attackers to escalate privileges to SYSTEM level on Windows. Scoring 8.8/10, the flaw affects versions 5.9.9.0 to 6.1.18.0

    @dCypherIO

    17 Jun 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 Vulnérabilité critique dans ASUS Armoury Crate CVE-2025-3464 → escalade SYSTEM via le driver AsIO3.sys 🔓 🛡️ Agissez maintenant : 1. Ouvrez Armoury Crate 2. Paramètres > Centre de mise à jour 3. Vérifiez et installez la dernière version 🔄 #ASUS #Windo

    @sciberi_x

    17 Jun 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. A high-severity vulnerability in ASUS Armoury Crate, tracked as CVE-2025-3464 with a score of 8.8, allows privilege escalation to SYSTEM level on Windows. The flaw affects versions 5.9.9.0 to 6.1.18. https://t.co/j6hiafyQym

    @securityRSS

    17 Jun 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. A critical vulnerability, CVE-2025-3464, has surfaced in ASUS Armoury Crate, putting Windows systems at serious risk. By exploiting weaknesses in driver handling, attackers can achieve SYSTEM privileges, resulting in a complete OS takeover. https://t.co/gDOSJ7ahrB

    @The4n6Analyst

    17 Jun 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. A critical vulnerability in Asus Armoury Crate (CVE-2025-3464) allows privilege escalation and full system control via an authorization bypass using the AsIO3.sys driver. Multiple versions affected. Stay alert! ⚠️ #CyberRisk #SecurityAlert #Japan https://t.co/BRsAx9ihb8

    @TweetThreatNews

    17 Jun 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 CVE-2025-3464 (CVSS 8.8/10) 🚨 A critical vuln in ASUS Armoury Crate allows privilege escalation to SYSTEM level on Windows. MDE worldwide telemetry shows a large footprint — defenders, do check your endpoint deployment.🤝 https://t.co/taq0eGGPkj https://t.co/AzXIU1mY

    @0x534c

    17 Jun 2025

    995 Impressions

    1 Retweet

    12 Likes

    3 Bookmarks

    2 Replies

    0 Quotes

  14. ASUS Armoury Crateの脆弱性でWindows管理者権限を取得可能にCVE-2025-3464 https://t.co/wCGJodPrIu #Secuity #セキュリティ #ニュース

    @SecureShield_

    17 Jun 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. ASUS Armoury Crateに権限昇格の脆弱性。CVE-2025-3464はCVSSスコア8.8。認証を迂回して同ソフトのAsIO3.sysドライバを直接呼び出せる。ドライバ側での呼び出し元検証がAsusCertService.exeのSHA-256ハッシュとPID許可リストのみ

    @__kokumoto

    16 Jun 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2025-3464 Race Condition Authentication Bypass in ASUS Armoury Crate Softwar... https://t.co/apyOdcqTlr Customizable Vulnerability Alerts: https://t.co/U7998fz7yk

    @VulmonFeeds

    16 Jun 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2025-3464 A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. … https://t.co/8Zr9PsgFH5

    @CVEnew

    16 Jun 2025

    600 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. [CVE-2025-3464: HIGH] Armoury Crate has a critical vulnerability due to a Time-of-check Time-of-use issue. Users are at risk of authentication bypass. See ASUS Security Advisory for a fix.#cve,CVE-2025-3464,#cybersecurity https://t.co/qpoMdt0Tko https://t.co/I1g04I8ogy

    @CveFindCom

    16 Jun 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.