- ASUS released a patch for CVE-2025-3464, a high-severity authorization bypass flaw
- The problem affects Armoury Crate, a centralized hub for controlling ASUS and ROG hardware
- The flaw may lead to full device takeover
ASUS says it has fixed a high-severity vulnerability that could have enabled threat actors to bypass authorization requirements and obtain SYSTEM privileges on a Windows device.
Recently, a security researcher at Cisco Talos discovered that an Armoury Crate kernel-mode driver does not rely on proper OS-level controls, but instead authenticates requests using a hard-coded SHA-256 hash of AsusCertservices.exe and a PID allowlist.
This means that a threat actor can create a hard link from a benign executable to a placeholder file, launch the app and then swap the link to point to the trusted ASUS binary. When the driver verifies the hash, it will recognize a trusted binary even though the attacker's process is now the one using that context.
Fixed with updates
The end result is unauthorized driver access, which can lead to full device compromise. The good news is that in order to abuse this vulnerability, the threat actor must already have access to the system (either through stolen/purchased credentials or a backdoor).
The vulnerability was found in Armoury Crate, an ASUS application that is often pre-installed on ROG and TUF laptops and desktops.
It acts as a centralized hub for controlling ASUS and ROG hardware, including RGB lighting, fan curves and the performance of different peripheral devices – and can also be used to manage driver and firmware updates.
The problem is now tracked as CVE-2025-3464 and has a severity of 8.4/10 (high) according to NVD.
All versions between 5.9.9.0 and 6.1.18.0 were said to be vulnerable, and to secure their devices, users need to update to the latest version of Armoury Crate. This can be done by navigating to Settings > Update Center > Check for Updates > Update.
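For fleets where the update cannot be confirmed machine by machine, the version range above can be checked against a software inventory export. The following is an added example, not code from the article or from ASUS; the CSV layout, column names and hostnames are constructed, and treating both endpoints of the range as vulnerable is an assumption.

```python
import csv
import io

# Range stated in the article; counting both endpoints as vulnerable is an assumption.
VULN_MIN = (5, 9, 9, 0)
VULN_MAX = (6, 1, 18, 0)

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,product,version
ws-001,Armoury Crate,5.9.9.0
ws-002,Armoury Crate,6.1.18.0
ws-003,ARMOURY CRATE Service,6.1.19.0
ws-004,Armory Crate,5.7.6
ws-005,Armoury Crate,unknown
ws-006,Some Other Tool,6.0.0.0
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a dotted version."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad 5.7.6 -> 5.7.6.0

def classify(version_text):
    """Classify a version string as 'vulnerable', 'not_in_range' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # needs manual follow-up; never assume it is safe
    return "vulnerable" if VULN_MIN <= version <= VULN_MAX else "not_in_range"

def triage(inventory_csv):
    """Map host -> status for every Armoury Crate row in a CSV inventory export."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = row["product"].lower().replace("armory", "armoury")
        if "armoury crate" in product:  # accepts both spellings of the name
            results[row["host"]] = classify(row["version"])
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` have a version string that could not be parsed and should be checked by hand.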
ASUS said it found no evidence that the flaw is being exploited in the wild, but still “recommends” that “users update their installations as soon as possible.”
Via BleepingComputer



