Description
An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability can be triggered by sending specially crafted requests, which may lead to a service crash or partial loss of functionality. This vulnerability only affects ASUS motherboard series products. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://www.asus.com/security-advisory
Scores
CVSS v4
4.8
EPSS
0.0003
EPSS Percentile
7.2%
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
Status
published
Products (1)
ASUS/Armoury Crate
v6.3.4 and earlier
Published
Dec 17, 2025
Tracked Since
Feb 18, 2026