VYPR

Armoury Crate

by Asus

CVEs (10)

  • CVE-2023-5716CriJan 19, 2024
    risk 0.64cvss 9.8epss 0.01

    ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission.

  • CVE-2025-9968HigOct 13, 2025
    risk 0.55cvss epss 0.00

    A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation. For more information, please refer to section 'Security Update…

  • CVE-2025-3464HigJun 16, 2025
    risk 0.55cvss epss 0.01

    A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.

  • CVE-2024-12957HigJan 23, 2025
    risk 0.55cvss epss 0.00

    A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion. Refer to the '01/23/2025 Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.

  • CVE-2025-1533HigMay 12, 2025
    risk 0.53cvss epss 0.00

    A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS…

  • CVE-2023-26911HigJul 26, 2023
    risk 0.51cvss 7.8epss 0.00

    ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.

  • CVE-2026-8070HigMay 29, 2026
    risk 0.47cvss epss 0.00

    Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the '  Security Update for Armoury Crate App   ' section on…

  • CVE-2025-9337MedOct 13, 2025
    risk 0.44cvss epss 0.00

    A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more…

  • CVE-2022-38699MedSep 28, 2022
    risk 0.38cvss 5.9epss 0.00

    Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging…

  • CVE-2025-11775MedDec 17, 2025
    risk 0.31cvss epss 0.00

    An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability can be triggered by sending specially crafted requests, which may lead to a service crash or partial loss of functionality. This vulnerability only affects ASUS motherboard series…