- ASUS released a patch for CVE-2025-3464, a high-severity authentication bypass flaw
- The problem affects Armoury Crate, a centralized hub for managing ASUS and ROG hardware
- The flaw could lead to complete device takeover
ASUS says it has fixed a high-severity vulnerability that could have allowed threat actors to bypass authentication requirements and obtain SYSTEM privileges on a Windows device.
Recently, a Cisco Talos security researcher discovered that a kernel-mode driver in Armoury Crate does not rely on proper operating-system-level access controls, but instead authenticates requests using a hardcoded SHA-256 hash of AsusCertService.exe and a PID allowlist.
This means that a threat actor can create a hard link from a benign executable to a placeholder file, launch the application, and then swap the link to point to the trusted ASUS binary. When the driver verifies the hash, it will recognize a trusted signature, even though the attacker's process is now using that context.
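A defender-side check for the hard link swap described above, as an added example (not code from ASUS, Cisco Talos, or the original article): it reports other file names that share the on-disk identity of a watched trusted binary. The function names, the watched name `trusted_service.exe`, and the sample directory tree are constructed for illustration.

```python
import os
import shutil
import tempfile
from collections import defaultdict

def find_hardlink_aliases(root, watched_names):
    """Map each watched file under root to the other paths that are hard links to it."""
    by_identity = defaultdict(list)  # (volume, file index) -> every path seen for it
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if st.st_nlink > 1:  # only multiply-linked files can have aliases
                by_identity[(st.st_dev, st.st_ino)].append(path)
    findings = {}
    for paths in by_identity.values():
        for p in paths:
            if os.path.basename(p).lower() in watched_names:
                # An empty list means the extra link lives outside the scanned root.
                findings[p] = sorted(q for q in paths if q != p)
    return findings

def demo():
    """Build a constructed sample tree, scan it, and return (trusted, alias, findings)."""
    root = tempfile.mkdtemp(prefix="hardlink_audit_")
    try:
        vendor = os.path.join(root, "vendor")
        user = os.path.join(root, "user_writable")
        os.makedirs(vendor)
        os.makedirs(user)
        trusted = os.path.join(vendor, "trusted_service.exe")  # hypothetical name
        with open(trusted, "wb") as f:
            f.write(b"constructed stand-in for a trusted vendor binary")
        with open(os.path.join(user, "unrelated.exe"), "wb") as f:
            f.write(b"constructed unrelated file")
        alias = os.path.join(user, "placeholder.exe")
        os.link(trusted, alias)  # second directory entry for the same file
        return trusted, alias, find_hardlink_aliases(root, {"trusted_service.exe"})
    finally:
        shutil.rmtree(root, ignore_errors=True)

if __name__ == "__main__":
    trusted, alias, findings = demo()
    for path, aliases in findings.items():
        print(f"{path} is also reachable as: {aliases}")
```

Windows itself hard-links many system files, so scope the scan to the trusted binary's name and review any alias that sits in a user-writable location.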
Fixed with updates
The end result is unauthorized access to the driver, which could lead to complete compromise of the device. The good news is that to abuse this vulnerability, the threat actor must first obtain access to the system (either through stolen or purchased credentials, or a backdoor).
The vulnerability was found in Armoury Crate, an ASUS application commonly preinstalled on ROG and TUF laptops and desktops.
It serves as a centralized hub for managing ASUS and ROG hardware, including RGB lighting, fan curves and the performance of different peripherals, and can also be used to manage driver and firmware updates.
The problem is now tracked as CVE-2025-3464 and has a severity score of 8.4/10 (high), according to NVD.
All versions between 5.9.9.0 and 6.1.18.0 are said to be vulnerable. To secure their devices, users must update to the most recent version of Armoury Crate by navigating to Settings > Update Center > Check for Updates > Update.
ASUS said it found no evidence that the flaw is being abused in the wild, but still “recommends” that users update their installations as soon as possible.
Via BleepingComputer