Major security flaws found in Adobe PDF reader and ASUS system controller


Your RGB controller and PDF reader almost became cyberattack launchpads, thanks to critical flaws just uncovered.

Even our most trusted apps can be vulnerable to cyberattacks. Cisco’s cybersecurity division, Talos, has uncovered a new batch of vulnerabilities lurking inside widely used software: Asus Armoury Crate and Adobe Acrobat Reader.

Four flaws were found in total, split evenly between the two platforms. The now-patched vulnerabilities could have helped attackers hijack systems, steal data, or escalate user privileges.

Asus Armoury Crate, the software that controls RGB lights, fan speeds, and system updates, is often bundled with Asus and Republic of Gamers (ROG) laptops.

Two severe security weaknesses were found in version 5.9.13.0 of Armoury Crate, which, if exploited, could allow an unprivileged user to gain elevated access.

The first flaw, CVE-2025-1533, is a buffer overflow in the app’s core driver. By sending the right kind of system request, a hacker could crash the system or run malicious code, basically hijacking your PC through a lighting control tool.

The second, CVE-2025-3464, is an authorization bypass in the same driver. By creating a file link, an attacker could trick the system into granting access they shouldn’t have.

Adobe Acrobat Reader, a program widely used for reading PDFs, also had two critical flaws. The first one, named CVE-2025-43578, was an out-of-bounds read vulnerability in how Acrobat handles fonts.

An attacker could have exploited it by embedding a malicious font into a PDF, tricking the software into reading data it shouldn’t, and potentially leaking sensitive information.

But even more dangerous is CVE-2025-43576, a use-after-free vulnerability buried in Acrobat’s annotation object processing. A JavaScript payload inside a PDF could reuse a previously freed object, causing memory corruption and possibly allowing the attacker to execute code on the victim’s machine.
