A high-severity flaw lets local attackers bypass authorization and seize kernel-level control.

Researchers at Cisco Talos uncovered CVE-2025-3464, a time-of-check/time-of-use bug in Armoury Crate that scores 8.8 on the CVSS scale. By planting a crafted hard link beside AsusCertService.exe, an attacker can bypass the driver’s hash check, obtain a handle to the Asusgio3 device, and gain direct access to physical memory, MSRs, and I/O ports—effectively achieving full system compromise. Asus has patched versions 5.9.9.0–6.1.18.0 and urges all users to update immediately.

Read more:

https://www.securityweek.com/asus-armoury-crate-vulnerability-leads-to-full-system-compromise/