
A critical flaw in this Asus software puts your PC in danger
A new security flaw, tracked as CVE-2025-3464, has been identified in ASUS's Armoury Crate software. With a severity score of 8.8 out of 10, this vulnerability is considered critical. It allows an attacker who already has limited access to a computer to bypass its protections and become an administrator, gaining almost total control of the machine.
What is Armoury Crate software?
For millions of users of ASUS equipment, Armoury Crate is an essential tool. Installed by default on many laptops and on PCs equipped with the brand's motherboards, it serves as a control center for a multitude of features:
- Aura Sync: Synchronization of RGB lighting of components and peripherals.
- Performance profiles: Adjustment of the speed of the fans and processor performance.
- Management of ASUS devices: configuration of mice, keyboards and other accessories.
- Updates: download of the latest drivers and BIOS.
To accomplish these tasks, which require in-depth control of the hardware, the software relies on a specific driver (AsIO3.sys) that runs in the Windows kernel.
It was security researcher Marcin “Icewall” Noga of Cisco Talos who uncovered this flaw. According to his report, the problem lies in the way the driver checks who is allowed to send it instructions. Rather than relying on Windows access control mechanisms, the driver merely checks the digital fingerprint (a SHA-256 hash) of a specific ASUS service.
A clever attacker can therefore exploit this weakness. Using a technique based on file system links (hard link), he can deceive the driver. At the time of verification, the driver believes it is communicating with the ASUS service, when it is actually authorizing the attacker's malicious program. This undue authorization opens the doors of the system at the lowest level, giving direct access to physical memory, input/output ports and critical processor registers.
What are the risks and what should you do?
It is crucial to note that this flaw cannot be exploited remotely for an initial infection. The attacker must already have a foothold in the system, for example via downloaded malware, a successful phishing campaign or an already compromised user account.
However, the widespread popularity of Armoury Crate creates a very broad and attractive attack surface for attackers. Flaws of this type, which allow local privilege escalation, are particularly popular with malicious actors, including ransomware operators.
The solution is simple: update Armoury Crate. ASUS has already published a fix; the vulnerability affects all versions of Armoury Crate between 5.9.9.0 and 6.1.18.0.
To apply the update, simply open the Armoury Crate application and go to the settings. Then click on Update Center, launch a search for updates and install the latest version offered.
Although Marcin “Icewall” Noga of Cisco Talos reported the flaw to ASUS in February and no active exploitation has been observed to date, ASUS strongly recommends that all users update their installation of Armoury Crate to the latest available version without further delay.
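
For administrators who manage more than one machine, the affected range given above can be checked against a software inventory export. The following is an added example, not code from ASUS or Cisco Talos; the CSV column names, host names and sample rows are constructed, and the range is treated as inclusive at both ends, which is an assumption.

```python
# Added example: flag hosts whose Armoury Crate version falls in the
# range the article gives as affected (5.9.9.0 to 6.1.18.0).
import csv
import io

AFFECTED_MIN = (5, 9, 9, 0)    # lower bound, from the article
AFFECTED_MAX = (6, 1, 18, 0)   # upper bound, from the article (assumed inclusive)


def parse_version(text):
    """Return a 4-part tuple such as (6, 1, 18, 0), or None if unparseable."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # "6.2" -> (6, 2, 0, 0)


def classify(version_text):
    """Classify one version string as 'affected', 'ok' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # needs manual review; never assume it is safe
    return "affected" if AFFECTED_MIN <= version <= AFFECTED_MAX else "ok"


def triage(inventory_csv):
    """Map host -> status for rows whose product name mentions Armoury Crate."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "armoury crate" in row["product"].lower():
            results[row["host"]] = classify(row["version"])
    return results


# Constructed sample inventory; hosts, columns and versions are hypothetical.
SAMPLE = """host,product,version
ws-01,Armoury Crate,5.9.9.0
ws-02,ARMOURY CRATE,6.1.18
ws-03,Armoury Crate,6.2.1.0
ws-04,Armoury Crate,5.9.8.9
ws-05,Armoury Crate,n/a
ws-06,Some Other Tool,6.0.0.0
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` have a version string the script could not parse and should be checked by hand rather than treated as patched.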