Null Pointer Dereference in AsIO3.sys Driver by ASUS
CVE-2025-9337

6.8MEDIUM

Key Information:

Vendor: Asus
Status: Armoury Crate
Vendor: CVE Published:; 13 October 2025

What is CVE-2025-9337?

A null pointer dereference vulnerability has been identified in the AsIO3.sys driver used by ASUS devices. This flaw can be exploited through specially crafted input, leading to potential system crashes characterized by a Blue Screen of Death (BSOD). To safeguard your system, it's imperative to stay updated with security patches provided in the ASUS Security Advisory.

Affected Version(s)

Armoury Crate Before v6.3.4

References

https://www.asus.com/security-advisory/

vendor-advisory

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2025
Vulnerability Reserved
Aug 22, 2025

Credit

neseesun

JSON

Asus

What is CVE-2025-9337?

Affected Version(s)

References

CVSS V4

Timeline

Credit