Out-of-Bounds Read Vulnerability in ASUS Motherboard Series Products
CVE-2025-11775

4.8MEDIUM

Key Information:

Vendor: Asus
Status: Armoury Crate
Vendor: CVE Published:; 17 December 2025

What is CVE-2025-11775?

An out-of-bounds read vulnerability exists in the asComSvc service found in ASUS motherboard series products. By sending specially crafted requests to this service, an attacker may exploit this flaw, leading to potential service crashes or partial loss of functionality. For further details and recommended security updates, refer to the ASUS Security Advisory.

Affected Version(s)

Armoury Crate v6.3.4 and earlier

References

https://www.asus.com/security-advisory

vendor-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 17, 2025
Vulnerability Reserved
Oct 15, 2025

Credit

Aobo Wang(@M4x_1997)

JSON

Asus

What is CVE-2025-11775?

Affected Version(s)

References

CVSS V4

Timeline

Credit