Riot Vanguard patches critical motherboard security flaw exploited by cheaters

Riot Games has announced a major security update to Riot Vanguard, its anti-cheat system, following the discovery of a critical flaw in modern motherboards that could allow hardware cheats to bypass detection. The vulnerability affects a wide range of motherboards from major manufacturers and represents what Riot calls “a significant achievement” for the gaming industry’s security posture.

Riot Vanguard Security Gap

Riot revealed that certain motherboards incorrectly signal to operating systems that security features are active when they’re actually failing to initialize properly during the boot process. The issue centers on “Pre-Boot DMA Protection,” a security feature that leverages a system’s IOMMU (Input-Output Memory Management Unit) to prevent unauthorized Direct Memory Access during early boot stages. While BIOS settings appeared to show this protection as enabled, the underlying hardware wasn’t fully initializing the IOMMU during those critical first seconds.

“In essence, the system’s ‘bouncer’ appeared to be on duty, but was actually asleep in the chair,” explained ItsGamerDoc, Staff Anti-Cheat Analyst at Riot Games. “This brief window is all a sophisticated hardware cheat needs to sneak in, inject code, and hide itself before Vanguard wakes up.”

Understanding the Boot Process Vulnerability

The problem stems from how computers initialize at power-on. During boot, the system loads components in a specific order, with earlier-loading components having higher privileges than those that load later. Since the operating system loads near the end of this process, cheats that load earlier can gain elevated privileges and effectively hide from detection.

DMA devices—hardware that plugs into a PC and accesses memory directly, bypassing the CPU and Windows—have long been one of the most effective (and expensive) forms of cheating. The IOMMU is designed to act as a gatekeeper, checking credentials for every device attempting to access memory. When this gatekeeper fails to initialize properly, it creates an exploitable security gap.

Industry-Wide Implications

Riot shared its findings with hardware partners earlier this year, and major manufacturers have since released comprehensive BIOS updates to address the vulnerability. Affected companies include:

• ASUS (CVE-2025-11901)
• Gigabyte (CVE-2025-14302)
• MSI (CVE-2025-14303)
• ASRock (CVE-2025-14304)

“Had this issue gone unnoticed, it would have completely nullified all existing DMA detection and prevention tech currently on the market—including that of other gaming companies—due to the nature of this class of cheats running in a privileged area that anti-cheats typically do not run,” ItsGamerDoc noted.

What Players Need to Know

Riot’s VAN:Restriction system will now prompt affected players to update their motherboard firmware before they can launch VALORANT. These restrictions are applied when Vanguard detects suspicious hardware behavior or configurations that match patterns used by cheaters.

“Getting one of these warnings doesn’t necessarily mean we suspect you of cheating,” Riot clarified. “It means that your current system configuration is too similar to cheaters who get around security features in order to become undetectable to Vanguard.”

Players who receive a restriction will need to either enable required security features or update their motherboard firmware following their manufacturer’s official guidance. Raising the gaming industry’s overall security posture has been a core focus for Riot since 2021.

Riot is also investigating extending these requirements to all players at the highest competitive ranks (Ascendant and above) to ensure a trusted security baseline at the top of the ladder.

What to do if I Receive a Restriction?

The VAN:Restriction system is Vanguard’s way of telling you Riot cannot guarantee system integrity due to the outlined disabled security features. This will prevent you from launching VALORANT, and you’ll see a pop up box stating what is required to enable so you can continue playing. These restrictions are applied on the account or HWID level when suspicious hardware behavior or statistical anomalies are detected. These anomalies can occur due to various factors including disabled security features, or in this case, the newly discovered pre-boot loophole that invalidates IOMMU.

Getting one of these warnings doesn’t necessarily mean you are suspected of cheating, it means that your current system configuration is too similar to cheaters who get around security features in order to become undetectable to Vanguard.

This minimum security baseline is essential for countering cheaters. If restricted, you are prompted to either enable said features or update your motherboard firmware by following your manufacturer’s official guidance before you can play. You can learn more about restrictions here. 

Proactive Steps for Players

Players can get ahead of potential interruptions by proactively updating their motherboard firmware to the latest version. Firmware updates are available through the respective manufacturers’ official websites. Those experiencing issues can reach out to Riot Support for general guidance or referrals to official manufacturer resources.

The security update represents Riot’s ongoing commitment to maintaining competitive integrity across its games. As ItsGamerDoc put it: “Raising the gaming industry’s overall security posture has been a core focus for us since 2021.”