ASUS Armoury Crate Vulnerability Lets Hackers Gain System-Level Access on Windows

A critical vulnerability in ASUS’s popular Armoury Crate software has exposed millions of Windows users to the risk of system-level compromise, according to a recent disclosure by Cisco Talos and confirmed by ASUS.

The flaw, tracked as CVE-2025-3464, allows attackers to bypass security controls and gain the highest level of privileges on affected systems, potentially opening the door to malware, ransomware, and other advanced threats.

Armoury Crate is ASUS’s flagship system management utility, pre-installed on many ROG and TUF Gaming laptops and desktops.

It serves as a central hub for controlling RGB lighting, fan speeds, performance profiles, device drivers, and firmware updates, making it a core component for gamers and PC enthusiasts worldwide.

The Vulnerability Explained

The flaw resides in the AsIO3.sys kernel driver, a low-level component that enables Armoury Crate to interact directly with hardware.

Researchers discovered that the driver’s ...