CVE-2025-3464 – ASUS Armoury Crate Authentication Bypass

June 16, 2025

CVE ID : CVE-2025-3464

Published : June 16, 2025, 9:15 a.m. | 1 hour, 4 minutes ago

Description : A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass.
Refer to the ‘Security Update for Armoury Crate App’ section on the ASUS Security Advisory for more information.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-40726 – Nosto Reflected Cross-Site Scripting (XSS)

Next Article CVE-2025-6112 – Tenda FH1205 Buffer Overflow Vulnerability

Highlights

CVE-2025-46722 – VLLM Image Hash Collision Vulnerability

May 29, 2025

CVE ID : CVE-2025-46722

Published : May 29, 2025, 5:15 p.m. | 4 hours, 18 minutes ago

Description : vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image objects using only obj.tobytes(), which returns only the raw pixel data, without including metadata such as the image’s shape (width, height, mode). As a result, two images of different sizes (e.g., 30×100 and 100×30) with the same pixel byte sequence could generate the same hash value. This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks. This issue has been patched in version 0.9.0.

Severity: 4.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

8 Key Questions Every CEO Should Ask Before Hiring a Node.js Development Company in 2025

Vibe Loop: AI-native reliability engineering for the real world

Docker Compose gets new features for building and running agents

Why Enterprises Are Choosing AI-Driven React.js Development Companies in 2025

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

These are the 5 Prime Day deals I’d buy if I weren’t about to have a baby

OpenAI’s $6.5 billion purchase fuels Sam Altman’s quest to build next-gen computers for “transcendentally good” AI — The biggest tech disruption since the iPhone?

Don’t miss out on the best ROG Ally accessory deals going on now — Improve your gaming handheld PC with a microSD card, power bank, dock, and more

Regolith – A JavaScript library immune to ReDoS attacks

Regolith – A JavaScript library immune to ReDoS attacks

Create Your Own Redux: Build a Custom State Management in React

Perficient Nagpur Celebrates Contentstack Implementation Certification Success!

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

These are the 5 Prime Day deals I’d buy if I weren’t about to have a baby

OpenAI’s $6.5 billion purchase fuels Sam Altman’s quest to build next-gen computers for “transcendentally good” AI — The biggest tech disruption since the iPhone?

CVE-2025-3464 – ASUS Armoury Crate Authentication Bypass

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

Full Guide to Understand Prompt Engineering

Fix: Windows 11 Update (KB5039302) Not Installing

CVE-2025-49597 – Apache Goodbye CSV Remote Code Execution

This Marshall Bluetooth speaker I tested sounds better than audio systems twice the price

CVE-2025-46722 – VLLM Image Hash Collision Vulnerability

Windows 11 File Explorer gets better theme accent support, progress bar looks darker

Transforming mainframes for government efficiency

“Every gamer should replace their AirPods with these.” — Prime Day has made these GameBuds cheaper than ever

CVE-2025-3464 – ASUS Armoury Crate Authentication Bypass

Related Posts