Asus Armoury Crate vulnerabilities
11 known vulnerabilities affecting asus/armoury_crate.
Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH7MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2025-11775MEDIUMCVSS 4.8vv6.3.4 and earlier2025-12-17
CVE-2025-11775 [MEDIUM] CWE-125 CVE-2025-11775: An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability
An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability can be triggered by sending specially crafted requests, which may lead to a service crash or partial loss of functionality. This vulnerability only affects ASUS motherboard series products. Refer to the 'Security Update for Armoury Crate App' section o
cvelistv5nvd
CVE-2025-9338HIGHCVSS 7.3v6.2.11 and earlier2025-11-06
CVE-2025-9338 [HIGH] CWE-119 CVE-2025-9338: A improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver
A improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process, potentially leading to local privilage escalation.
For additional information, please refer to the 'Security Update for Armoury Crate App' section of the ASUS Securit
cvelistv5nvd
CVE-2025-9968HIGHCVSS 8.5vbefore 6.3.42025-10-13
CVE-2025-9968 [HIGH] CWE-59 CVE-2025-9968: A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerabi
A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation.
For more information, please refer to section 'Security Update for Armoury Crate App' in the ASUS Security Advisory.
cvelistv5nvd
CVE-2025-9337MEDIUMCVSS 6.8vBefore v6.3.42025-10-13
CVE-2025-9337 [MEDIUM] CWE-476 CVE-2025-9337: A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be tri
A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD).
Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
cvelistv5nvd
CVE-2025-9336MEDIUMCVSS 6.8vBefore v6.3.42025-10-13
CVE-2025-9336 [MEDIUM] CWE-121 CVE-2025-9336: A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be trigg
A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution.
Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
cvelistv5nvd
CVE-2025-3464HIGHCVSS 8.4vv5.9.9.0~v6.1.182025-06-16
CVE-2025-3464 [HIGH] CWE-367 CVE-2025-3464: A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-che
A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass.
Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
cvelistv5nvd
CVE-2025-1533HIGHCVSS 8.2vV6.1.13 and earlier2025-05-12
CVE-2025-1533 [HIGH] CWE-121 CVE-2025-1533: A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be trigg
A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution.
Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
cvelistv5nvd
CVE-2024-12957HIGHCVSS 8.4vV2.3.4.0~V5.9.9.02025-01-23
CVE-2024-12957 [HIGH] CWE-306 CVE-2024-12957: A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary f
A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion.
Refer to the '01/23/2025 Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
cvelistv5nvd
CVE-2023-5716CRITICALCVSS 9.8fixed in 4.1.0.8vV4.0.1.32024-01-19
CVE-2023-5716 [CRITICAL] CWE-306 CVE-2023-5716: ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission.
cvelistv5nvd
CVE-2023-26911HIGHCVSS 7.8≤ 5.3.4.02023-07-26
CVE-2023-26911 [HIGH] CWE-428 CVE-2023-26911: ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vul
ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
nvd
CVE-2022-42455HIGHCVSS 7.8fixed in 5.3.4.12023-02-15
CVE-2022-42455 [HIGH] CWE-269 CVE-2022-42455: ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as
ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.
nvd