What is CVE-2025-3464?

CVE-2025-3464 is a vulnerability in Asus Armoury Crate, classified under Time-of-check Time-of-use (TOCTOU) Race Condition. Published 2025-06-16.

Is CVE-2025-3464 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Asus Armoury Crate

CVE-2025-3464

A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASU…

Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)

EPSS: 0.001 (24.1th percentile) — read the EPSS interpretation.

Affected products

Asus Armoury Crate — versions v5.9.9.0~v6.1.18

Weakness classification (CWE)

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition

Public proof-of-concept exploits

jeffaf/CVE-2025-3464-AsIO3-LPE

References

www.asus.com/content/asus-product-security-advisory/ (vendor-advisory)
talosintelligence.com/vulnerability_reports/TALOS-2025-2150

Frequently asked questions

What is CVE-2025-3464?: CVE-2025-3464 is a vulnerability in Asus Armoury Crate, classified under Time-of-check Time-of-use (TOCTOU) Race Condition. Published 2025-06-16.
Is CVE-2025-3464 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.