CVE-2025-9338
HIGHASUS Armoury Crate - Local Privilege Escalation via AsIO3.sys Driver Buffer Overflow
Title source: llmDescription
A improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process, potentially leading to local privilage escalation. For additional information, please refer to the 'Security Update for Armoury Crate App' section of the ASUS Security Advisory.
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://www.asus.com/security-advisory/
Scores
CVSS v4
7.3
EPSS
0.0002
EPSS Percentile
5.9%
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-119
Status
published
Products (1)
ASUS/Armoury Crate
6.2.11 and earlier
Published
Nov 06, 2025
Tracked Since
Feb 18, 2026