CVE-2025-44526

MEDIUM EPSS 27.6%

Published Jul 9, 202511mo ago · Modified Jun 17, 20261w ago

6.5 CVSS 3.1

Medium

Published Jul 9, 2025 11mo ago

Last Modified Jun 17, 2026 1w ago

Description

Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.

CVSS Details

Base Score

6.5

Exploitability

2.8

Impact

3.6

Vector string

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector Adjacent

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

27.6% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 2

CWE-20 Improper Input Validation Validation

CWE-284

Affected Products 2

Vendor	Product	Version	Range
realtek	rtl8762e_software_development_kit	1.4.0	any
realtek	rtl8762ekf-evb	*	any

References 3

realtek.com http://realtek.com

Broken Link
rtl8762ekf-evb.com http://rtl8762ekf-evb.com

Broken Link
github.com https://github.com/yangting111/BLE_TEST/blob/main/result/PoC/Realtek/Improper_Validation_of_BLE_PDU_Length.md

ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.