- Asus released a patch for CVE-2025-3464, a high-severity authentication bypass flaw
- The issue affects Armoury Crate, a centralized hub for managing ASUS and ROG hardware
- The flaw could possibly lead to full device takeover
Asus says it has fixed a high-severity vulnerability that could have allowed threat actors to bypass authentication requirements and obtain SYSTEM privileges on a Windows device.
Recently, a security researcher from Cisco Talos discovered an Armoury Crate kernel-mode driver doesn’t rely on proper OS-level checks, but instead authenticates requests using a hardcoded SHA-256 hash of AsusCertServices.exe and a PID allowlist.
This means that a threat actor can create a hard link from a benign executable to a placeholder file, launch the app, and then swap the link to point to the trusted Asus binary. When the driver verifies the hash, it will recognize a trusted signature, even though the attacker’s process is now using that context.
Fixed with updates
The end result is unauthorized driver access, which could lead to full device compromise. The good news is that in order to abuse this vulnerability, the threat actor must obtain system access beforehand (either through stolen/purchased credentials, or a backdoor).
The vulnerability was found in Armoury Crate, an Asus application commonly pre-installed on ROG and TUF laptops and desktops.
It serves as a centralized hub for managing Asus and ROG hardware, including RGB lighting, fan curves, and the performance of different peripherals – and can also be used to manage driver and firmware updates.
The issue is now tracked as CVE-2025-3464, and has a severity score of 8.4/10 (high), as per NVD.
All versions between 5.9.9.0 and 6.1.18.0 were said to be vulnerable, and to secure their devices, users should update to the newest version of Armoury Crate: That can be done by navigating to Settings > Update Center > Check for Updates > Update.
Asus said it found no evidence that the flaw is being abused in the wild, but still “strongly recommends” users update their installations as soon as possible.
Via BleepingComputer
