"System security is not a matter to be taken lightly," I tell myself as I put off updating my BIOS for another month. Even though I tend to keep physical media backups and I'm not in the habit of clicking dodgy links, that doesn't mean my machine is locked down by any means. System vulnerabilities can sneak in among the very updater utilities folks rely on—and Asus has been having especially poor luck with these as of late.
A fresh vulnerability has been uncovered in Asus Armoury Crate, the all-in-one software hub that often comes preinstalled on laptops, like the Asus ROG Flow Z13, and handhelds such as the Asus ROG Ally X, or used to control various peripherals and components.
Catalogued in NIST's National Vulnerability Database as CVE-2025-3464, the vulnerability in question can be exploited to grant hackers low-level privileges on Windows systems which could then be leveraged into compromising your OS. The prevalence of the Armoury Crate utility combined with this potential, snowballing impact has earned the vulnerability a severity rating of 8.4. That's out of 10, so it's pretty severe.
The vulnerability was first found in Armoury Crate version 5.9.13.0 by Cisco Talos' researcher Marcin "Icewall" Noga, but Asus itself has since issued a product security advisory clarifying that versions between V5.9.9.0 and V6.1.18.0 are also affected.
If you've got an Asus device, you should check which version of Armoury Crate you're running. If you're unsure, you can update to the utility's latest version by navigating to 'settings,' then 'update center,' then 'check for updates,' and finally clicking 'update.'
It also really wouldn't hurt to run an antivirus scan while you're at it; to even begin exploiting this vulnerability, hackers need to have already gained access to your system either via phishing or malware infection. That's arguably a lot of work, but the prevalence of Armoury Crate might just make it worth it for sufficiently motivated bad actors. All of that said, though, there don't appear to be any reports yet of folks falling afoul of this exploit in the wild.
So, how did this happen? Bleeping Computer offers a deep dive into this doozy, but I'll try to simplify. Basically, Armoury Crate uses Windows' kernel driver to keep an eye on and act upon your hardware. Similar utilities would usually opt for a few layers removed from the kernel, instead using OS-level access controls.
To use the club-going metaphor I've deployed before, picture this: a ne'er-do-well is already in line at the club—your PC—but when they get to the bouncer, they whip out a hand puppet. The hand-puppet vouches for the suspicious club-goer at first, before the hacker then gives up on ventriloquising to yell, "Hey, wait, what's that over there?" The hacker then whips off the hand puppet, lobs it at the distracted bouncer, and leapfrogs their way straight into the DJ booth. Their abysmal playlist is really the least of anyone's worries.
This is the second vulnerability to be uncovered in an Asus utility in as many months. In May, it was reported that DriverHub could be leveraged in a remote code execution attack—though the vulnerability was first found and reported to Asus way back in February. At the very least, it looks like Asus has been quicker to act this time. Does any of this mean I'm likely to update my BIOS sooner rather than later? Well, let's just say this 100-hour BIOS update stream is still making me think twice…I'd also rather be gaming than watching a progress bar, so my laziness wins out again!
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
