Null Pointer Dereference Vulnerability in ASUS AI Suite 3
CVE-2025-6398

6.7MEDIUM

Key Information:

Vendor

Asus
Status
Ai Suite
Vendor
CVE Published:
1 August 2025

What is CVE-2025-6398?

A null pointer dereference vulnerability has been identified in the IOMap64.sys driver of ASUS AI Suite 3. This security flaw can be exploited through specially crafted input, potentially leading to system instability and crashes, such as the Blue Screen of Death (BSOD). Users are encouraged to review ASUS's official security advisory for guidance on mitigating this issue.

Affected Version(s)

AI Suite before v3.03.42

References

https://www.asus.com/content/security-advisory/
vendor-advisory

CVSS V4

Score:
6.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-6398 : Null Pointer Dereference Vulnerability in ASUS AI Suite 3