CVE-2025-8302
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-09-10
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| realtek | wi-fi_usb_driver | to 1030.52.0325.2025 (exc) |
| realtek | rtl8811au | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8302 is a local privilege escalation vulnerability in the Realtek rtl81xx SDK Wi-Fi driver. It occurs due to improper validation of the length of user-supplied data before copying it into a fixed-length heap-based buffer within the N6CSet_DOT11_CIPHER_DEFAULT_KEY function. This leads to a heap-based buffer overflow, which an attacker who already has low-privileged code execution can exploit to escalate their privileges and execute arbitrary code with SYSTEM-level permissions. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker who has already gained low-level access to your system to escalate their privileges to SYSTEM level. This means they could execute arbitrary code with the highest system privileges, potentially leading to full control over the affected system, compromising confidentiality, integrity, and availability of data and system resources. [1]