CVE-2025-9338 | THREATINT

Description

A improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process, potentially leading to local privilage escalation. For additional information, please refer to the 'Security Update for Armoury Crate App' section of the ASUS Security Advisory.

PUBLISHED Reserved 2025-08-22 | Published 2025-11-06 | Updated 2025-11-06 | Assigner ASUS

HIGH: 7.3CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Product status

Default status

unaffected

6.2.11 and earlier

affected

References

www.asus.com/security-advisory/ vendor-advisory

cve.org (CVE-2025-9338)

nvd.nist.gov (CVE-2025-9338)

Download JSON