CVE-2025-8298
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-09-10
Assigner: Zero Day Initiative
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| realtek | wi-fi_usb_driver | up to 1030.52.0325.2025 (exclusive) |
| realtek | rtl8811au | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8298 is an information disclosure vulnerability in the Realtek RTL8811AU wireless driver, specifically in the function N6CQueryInformationHandleCustomized11nOids. The flaw is caused by improper validation of user-supplied data, which leads to an out-of-bounds read past the end of an allocated buffer. An attacker must have the ability to execute low-privileged code locally to exploit this vulnerability. While it primarily allows disclosure of sensitive information, it can be combined with other vulnerabilities to execute arbitrary code with kernel-level privileges. [1]
How can this vulnerability impact me?
This vulnerability can allow a local attacker with low privileges to disclose sensitive information from the affected system. Additionally, if combined with other vulnerabilities, it could enable the attacker to execute arbitrary code with kernel-level privileges, potentially leading to full system compromise. [1]