Alarming ASUS Armoury Crate Vulnerability Can Give Hackers Admin Access

Security researchers have revealed that the ASUS Armoury Crate software has a serious vulnerability (tracked as CVE-2025-3464) that could allow hackers to gain admin access to computers.

The ASUS Armoury Crate software was designed to help users control and customize system settings like RGB lighting, fan speeds, and system configurations on ASUS PCs. However, the As103.sys functionality of the software has a flaw that could allow hackers to bypass authorization and gain direct access.

Here's how. The Armoury Crate suite uses a kernel driver to communicate directly with system hardware. But instead of using appropriate OS-level access controls to confirm callers before granting handle access, the kernel driver uses an embedded SHA-256 hash of AsusCertService.exe and a list of Process IDs.

The problem, however, is that hackers can find their way around this authorization mechanism by deploying sophisticated tactics to mislead the system. If they succeed, they ...