CVE-2025-3464

A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.

CVSS

No CVSS.

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2150
https://www.asus.com/content/asus-product-security-advisory/
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2150

Configurations

No configuration.

History

No history.

Information

Published : 2025-06-16 09:15

Updated : 2025-06-17 01:15

NVD link : CVE-2025-3464

Mitre link : CVE-2025-3464

CVE.ORG link : CVE-2025-3464

JSON object : View

Products Affected

No product.

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

{"id": "CVE-2025-3464", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-16T09:15:19.233", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2150", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}, {"url": "https://www.asus.com/content/asus-product-security-advisory/", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2150", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "description": [{"lang": "en", "value": "CWE-367"}]}], "descriptions": [{"lang": "en", "value": "A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass.\nRefer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information."}, {"lang": "es", "value": "Existe una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n en Armoury Crate. Esta vulnerabilidad se debe a un problema de tiempo de uso y tiempo de comprobaci\u00f3n, que podr\u00eda provocar la omisi\u00f3n de la autenticaci\u00f3n. Consulta la secci\u00f3n \"Actualizaci\u00f3n de seguridad para la app Armoury Crate\" en el Aviso de seguridad de ASUS para obtener m\u00e1s informaci\u00f3n."}], "lastModified": "2025-06-17T01:15:22.120", "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}

CVE-2025-3464

JSON object

Attach tags to CVE-2025-3464

Attach tags to `CVE-2025-3464`