CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6398
https://notcve.org/view.php?id=CVE-2025-6398
01 Aug 2025 — A null pointer dereference vulnerability exists in the IOMap64.sys driver of ASUS AI Suite 3. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the ' Security Update for for AI Suite 3 ' section on the ASUS Security Advisory for more information. Existe una vulnerabilidad de desreferencia de puntero nulo en el controlador IOMap64.sys de ASUS AI Suite 3. Esta vulnerabilidad puede ser activada por una entrada especialmente manipulada, lo que pue... • https://www.asus.com/content/security-advisory • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4570
https://notcve.org/view.php?id=CVE-2025-4570
21 Jul 2025 — An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information. An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section ... • https://www.asus.com/content/security-advisory • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4569
https://notcve.org/view.php?id=CVE-2025-4569
21 Jul 2025 — An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information. An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section ... • https://www.asus.com/content/security-advisory • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3464
https://notcve.org/view.php?id=CVE-2025-3464
16 Jun 2025 — A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on... • https://www.asus.com/content/asus-product-security-advisory • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1533
https://notcve.org/view.php?id=CVE-2025-1533
12 May 2025 — A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefi... • https://www.asus.com/content/asus-product-security-advisory • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3463
https://notcve.org/view.php?id=CVE-2025-3463
09 May 2025 — "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information. "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in AS... • https://www.asus.com/content/asus-product-security-advisory • CWE-295: Improper Certificate Validation •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3462
https://notcve.org/view.php?id=CVE-2025-3462
09 May 2025 — "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information. "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverH... • https://www.asus.com/content/asus-product-security-advisory • CWE-346: Origin Validation Error •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-2027
https://notcve.org/view.php?id=CVE-2025-2027
28 Mar 2025 — A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information. A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially craft... • https://www.asus.com/content/asus-product-security-advisory • CWE-415: Double Free •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1354
https://notcve.org/view.php?id=CVE-2025-1354
16 Feb 2025 — A vulnerability was found in Asus RT-N12E 2.0.0.19. It has been classified as problematic. Affected is an unknown function of the file sysinfo.asp. The manipulation of the argument SSID leads to cross site scripting. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.295962 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12957
https://notcve.org/view.php?id=CVE-2024-12957
23 Jan 2025 — A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion. Refer to the '01/23/2025 Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. Una vulnerabilidad en el comando de gestión de archivos en ciertas versiones de Armoury Crate puede provocar la eliminación arbitraria de archivos. Consulta la sección "Actualización de seguridad del 23/01/2025 para la aplicación Armoury Crate" en el Aviso de seguridad de A... • https://www.asus.com/content/asus-product-security-advisory • CWE-306: Missing Authentication for Critical Function •