A high-severity security vulnerability affecting ASUS Armoury Crate software has been identified, potentially allowing attackers to gain SYSTEM-level privileges on Windows machines. The vulnerability, tracked as CVE-2025-3464, carries a severity score of 8.8 out of 10, indicating significant risk for users of the software.
ASUS Armoury Crate serves as the official system control software for Windows from ASUS, integrating functionalities for RGB lighting control, fan curve adjustments, performance profiling, device management, and firmware updates. The vulnerability has implications due to its operation within the system’s kernel driver, which facilitates low-level access to hardware features.
The flaw allows privilege escalation through an exploit involving a hard link from a benign application to a malicious executable. When executed, this enables an attacker to bypass authorization checks due to the flawed verification process in the driver, granting them low-level system privileges. Exploiting this vulnerability necessitates that attackers already have a foothold in the system, through methods such as malware infection or phishing.
Cisco Talos researcher Marcin “Icewall” Noga uncovered the issue and disclosed it to ASUS in February. While no confirmed exploits have been observed in the wild, Cisco indicates that the broad deployment of Armoury Crate globally may pose attractive opportunities for exploitation. Users are advised to update their Armoury Crate installations promptly, as vulnerabilities in Windows kernel drivers are often targets for various malicious actors, including ransomware groups.