Race Condition Vulnerability in Armoury Crate by ASUS
CVE-2025-3464

8.4HIGH

Key Information:

Vendor

Asus
Status
Armoury Crate
Vendor
CVE Published:
16 June 2025

Badges

💰 Ransomware👾 Exploit Exists📰 News Worthy

What is CVE-2025-3464?

A race condition vulnerability has been identified in the Armoury Crate application provided by ASUS. This flaw arises from a Time-of-check Time-of-use issue, which can enable unauthorized access through an authentication bypass. Users of Armoury Crate should be aware of the potential risks associated with this vulnerability and are encouraged to consult the ASUS Security Advisory for detailed information and updates on mitigation measures.

Affected Version(s)

Armoury Crate v5.9.9.0~v6.1.18

News Articles

favicon imageBleepingComputer

ASUS Armoury Crate bug lets attackers get Windows admin privileges

A high-severity vulnerability in ASUS Armoury Crate software could allow threat actors to escalate their privileges to SYSTEM level on Windows machines.

3 weeks ago

References

https://www.asus.com/content/asus-product-security-advisory/
vendor-advisory
https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 💰

    Used in Ransomware

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-3464 : Race Condition Vulnerability in Armoury Crate by ASUS