- Asus has published a fix for CVE-2025-3464, a high-severity authentication bypass
- The problem affects Armoury Crate, a centralized hub for managing ASUS and ROG hardware
- The flaw could potentially lead to complete control of affected devices
Asus says it has fixed a high-severity vulnerability that could have allowed threat actors to bypass authentication requirements and obtain SYSTEM privileges on a Windows device.
Recently, a security researcher from Cisco Talos discovered that a kernel-mode driver in Armoury Crate does not rely on proper OS-level checks, but instead authenticates requests using a hardcoded SHA-256 hash of AsusCertService.exe and a PID allowlist.
This means that a threat actor can create a hard link from a benign executable to a placeholder file, launch the application, then swap the link to point to the trusted Asus binary. When the driver checks the hash, it will recognize a trusted signature, even though the attacker’s process is now using that context.
Patch update
The end result is unauthorized driver access, which could lead to complete compromise of the device. The good news is that to abuse this vulnerability, the threat actor must first gain access to the system (either through stolen or purchased credentials, or a backdoor).
The vulnerability was found in Armoury Crate, an ASUS application generally preinstalled on ROG and TUF laptops and desktop computers.
It serves as a centralized hub for managing ASUS and ROG hardware, including RGB lighting, fan curves and performance of different devices, and can also be used to manage driver and firmware updates.
The issue is now tracked as CVE-2025-3464 and has a severity score of 8.4/10 (high), according to NVD.
All versions between 5.9.9.0 and 6.1.18.0 were considered vulnerable. To secure their devices, users must update to the latest version of Armoury Crate, which can be done by navigating to Settings > Update Center > Check for Updates > Update.
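For anyone triaging more than one machine, the version range above has to be compared numerically, not as text: "5.10.2.0" and "6.1.2.0" both fall inside it, yet a plain string comparison places them outside. The following is an added example, not code from Asus or Cisco Talos; the inventory format and hostnames are constructed, and treating both ends of the range as inclusive is an assumption.

```python
import csv
import io

# Range stated in the article; treating both ends as inclusive is an assumption.
FIRST_VULNERABLE = (5, 9, 9, 0)
LAST_VULNERABLE = (6, 1, 18, 0)

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,armoury_crate_version
rog-lap-01,5.9.9.0
rog-lap-02,5.10.2.0
tuf-desk-03,6.1.2.0
tuf-desk-04,V6.1.18
rog-lap-05,6.1.19.0
rog-lap-06,5.9.8.0
tuf-desk-07,not installed
"""


def parse_version(text):
    """Return a 4-part integer tuple, or None if the string is not a version."""
    cleaned = text.strip().lstrip("vV")
    parts = cleaned.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    numbers = [int(p) for p in parts]
    # Pad short versions ("6.1.18") so every tuple compares on four fields.
    return tuple(numbers + [0] * (4 - len(numbers)))


def classify(version_text):
    """Map a reported version string to a triage status."""
    version = parse_version(version_text)
    if version is None:
        return "review"  # unparseable value: check the host by hand
    if FIRST_VULNERABLE <= version <= LAST_VULNERABLE:
        return "vulnerable"
    return "outside-range"


def triage(inventory_csv):
    """Return {host: status} for every row of a host,version CSV."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["armoury_crate_version"]) for row in reader}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts marked "review" reported something that is not a version string and need a manual check.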
Asus said it had found no evidence that the flaw was abused in the wild, but that it “always recommends” that users update their installations as soon as possible.
Via BleepingComputer