Your RGB controller and PDF reader were nearly turned into cyberattack tools, thanks to serious security flaws just discovered.
Even well-known apps can have vulnerabilities. Cisco’s cybersecurity arm, Talos, has identified a set of critical flaws in two widely used programs: Asus Armoury Crate and Adobe Acrobat Reader.
There are four vulnerabilities in total, two in each application. Although these issues have been patched, they could have been exploited to hijack systems, steal data, or elevate user privileges.
Asus Armoury Crate, which manages RGB lighting, fan control, and system updates, comes pre-installed on many Asus and Republic of Gamers (ROG) laptops.
Two major issues were found in version 5.9.13.0. The first, tracked as CVE-2025-1533, is a buffer overflow in the core driver. A specially crafted system request could allow an attacker to crash the system or run harmful code, giving them control through the lighting software.
The second flaw, CVE-2025-3464, is an authorization bypass in the same driver. By creating a specific file link, a hacker could trick the system into granting unauthorized access.
Adobe Acrobat Reader, a leading PDF viewer, was also found to contain two critical vulnerabilities. CVE-2025-43578 is an out-of-bounds read issue tied to the way fonts are handled. A malicious font embedded in a PDF could prompt the software to access unauthorized data, risking exposure of sensitive information.
Even more serious is CVE-2025-43576, a use-after-free flaw in how Acrobat processes annotation objects. By embedding JavaScript in a PDF, an attacker could reuse memory that had already been freed, leading to memory corruption and potentially allowing code execution on the victim’s device.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
