Asus Armoury Crate
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Asus Armoury Crate.
By the Year
In 2026 there have been 0 vulnerabilities in Asus Armoury Crate. Last year, in 2025 Armoury Crate had 8 security vulnerabilities published. Right now, Armoury Crate is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 8 | 0.00 |
| 2024 | 1 | 9.80 |
| 2023 | 2 | 7.80 |
| 2022 | 1 | 5.90 |
It may take a day or so for new Armoury Crate vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Asus Armoury Crate Security Vulnerabilities
ASUS asComSvc OOB Read in Armoury Crate
CVE-2025-11775
- December 17, 2025
An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability can be triggered by sending specially crafted requests, which may lead to a service crash or partial loss of functionality. This vulnerability only affects ASUS motherboard series products. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
Out-of-bounds Read
ASUS Armoury Crate AsIO3.sys Local Privilege Escalation via Buffer Overflow
CVE-2025-9338
- November 06, 2025
A improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process, potentially leading to local privilage escalation. For additional information, please refer to the 'Security Update for Armoury Crate App' section of the ASUS Security Advisory.
Buffer Overflow
ASUS AsIO3.sys NPE Crash in Armoury Crate
CVE-2025-9337
- October 13, 2025
A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
NULL Pointer Dereference
Buffer Overflow in AsIO3.sys driver of Asus Armoury Crate
CVE-2025-9336
- October 13, 2025
A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
Stack Overflow
Armoury Crate UnifyScanner Link-Following PrivEsc Vulnerability
CVE-2025-9968
- October 13, 2025
A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation. For more information, please refer to section 'Security Update for Armoury Crate App' in the ASUS Security Advisory.
insecure temporary file
Armoury Crate Race Condition TTOU Auth Bypass (CVE-2025-3464)
CVE-2025-3464
- June 16, 2025
A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
ASIO3.sys Buffer Overflow in ASUS Armoury Crate Driver
CVE-2025-1533
- May 12, 2025
A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
Arbitrary File Deletion via File Handling in Armoury Crate
CVE-2024-12957
- January 23, 2025
A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion. Refer to the '01/23/2025 Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
ASUS Armoury Crate: Arbitrary File Write via HTTP (CVE-2023-5716)
CVE-2023-5716
9.8 - Critical
- January 19, 2024
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission.
Missing Authentication for Critical Function
ASUS SetupAsusServices v1.0.5.1 unquoted svc path -> local privilege escalation (Armoury Crate <5.3.
CVE-2023-26911
7.8 - High
- July 26, 2023
ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
Unquoted Search Path or Element
ASUS EC Tool Driver (d.sys) Priv Esc via Unprivileged IOCTL
CVE-2022-42455
7.8 - High
- February 15, 2023
ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.
Armoury Crate Log SYMLINK Overwrite CVE-2022-38699
CVE-2022-38699
5.9 - Medium
- September 28, 2022
Armoury Crate Services logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.
insecure temporary file
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Asus Armoury Crate or by Asus? Click the Watch button to subscribe.
