Published
2025-05-12
·
Updated
2025-07-02
·
CVE-2025-1533
8.2
High
| Base vector | Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
ASUS Armoury Crate versions V6.1.13 and earlier
Description:
A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, which may lead to a system crash (BSOD) or other potentially undefined execution. The issue can be caused by manipulating file paths, particularly when the path contains `?` and the length exceeds 255 characters.
Recommendations:
For ASUS Armoury Crate versions V6.1.13 and earlier, refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information on how to resolve the issue. As a temporary workaround, consider restricting access to the AsIO3.sys driver to minimize the risk of exploitation.
Fix
Stack Overflow