Memory Buffer Vulnerability in AsIO3.sys Driver - ASUS
CVE-2025-9338

7.3HIGH

Key Information:

Vendor: Asus
Status: Armoury Crate
Vendor: CVE Published:; 6 November 2025

What is CVE-2025-9338?

An improper restriction of operations within the bounds of a memory buffer has been identified in the AsIO3.sys driver from ASUS. This vulnerability can be exploited by executing a specially crafted process manually, which may allow an attacker to escalate their privileges locally. Users are encouraged to review the security update provided by ASUS in their advisory for detailed information and mitigations.

Affected Version(s)

Armoury Crate 6.2.11 and earlier

References

https://www.asus.com/security-advisory/

vendor-advisory

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Nov 6, 2025
Vulnerability Reserved
Aug 22, 2025

JSON

Asus

What is CVE-2025-9338?

Affected Version(s)

References

CVSS V4

Timeline