asio3.sys
ASUS Aura / Armoury Crate kernel driver (3rd-gen)
AsIO3.sys is the third-generation ASUS hardware-access driver used by Aura RGB and Armoury Crate for low-level access to motherboards, peripherals, and RGB devices. It is common on systems with ASUS motherboards or peripherals running ASUS software.
Cisco Talos published two AsIO3 vulnerabilities: CVE-2025-1533 (a stack-based buffer overflow during path conversion) and CVE-2025-3464 (an authorization bypass that defeats the driver's own caller-identity check, giving any local user access to the driver's privileged functionality). Talos demonstrated a working local privilege escalation to SYSTEM. ASUS patched Armoury Crate; older signed builds continue to surface.
If the Windows Vulnerable Driver Blocklist on a recent build of Windows 11 starts complaining about AsIO.sys after login, that is the same story: an older ASUS utility still has its older driver registered. Update Armoury Crate to current.
asio3.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 7 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “asio3.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/asio3-sys
