ASUS Armoury Crate bug lets attackers reach Windows admin privileges
ASUS patches high severity Armour Crate security flaw
A high-severity vulnerability/bug in ASUS’ Armoury Crate Software has been uncovered, allowing attackers to escalate their privileges to “take control of the entire system.”
Talos Intelligence uncovered this vulnerability, calling it CVE-2025-3464. This flaw has been assigned a rating of 8.8, classifying it as a high-severity security flaw. Thankfully, ASUS has patched its Armour Crate software to address this issue. However, this patch was released on June 16th. As such, it is likely not installed on all affected systems yet.
Armoury Crate is an application that can be used to manage and customise the settings of ASUS PC hardware. It can control features like RGB lighting, fan profiles, and more. Note that this app is automatically installed on most ASUS-powered Windows PCs.
We believe that this vulnerability is critical and provides a potential attacker with numerous easy ways to escalate privileges and take control of the entire system.
A bug in ASUS’ Armoury Crate software allows attackers to exploit its AsiIO3.sys functionality. This can lead to an authorisation bypass. Note that attackers can create a hard link to trigger this vulnerability. If users update Armoury Crate to its latest version, this vulnerability will no longer be exploitable.
Security Update for Armoury Crate AppASUS has released a Software Update for Armoury Crate, a system management software. This update includes important security updates, and ASUS strongly recommends that users update their Armoury Crate installation to the latest version.
The latest Software Update can be received by opening Armoury Crate, in the “Settings”> “Update Center” tab, and clicking “Check for Updates”. Click “Update” on ARMOURY CRATE if the new version is available.
This update specifically addresses the CVE-2025-3464 vulnerability.It is important to note that the security vulnerabilities affect versions between V5.9.9.0 ~ V6.1.18.0– ASUS
Users of ASUS’ Armoury Crate software should update it to its latest version. The vulnerability affects all versions of the app between versions V5.9.9.0 and V6.1.18.0.
This isn’t the first time that ASUS has had to update Armoury Crate to address a security flaw. Last month ASUS updated their app to address a vulnerability known as CVE-2025-1533.
You can join the discussion on ASUS patching another security update for its Armoury Crate PC app on the OC3D Forums.