CVE-2025-8299

NONE EPSS 3.5%

Published Sep 2, 202510mo ago · Modified Jun 17, 20261w ago

Published Sep 2, 2025 10mo ago

Last Modified Jun 17, 2026 1w ago

Description

Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the MgntActSet_TEREDO_SET_RS_PACKET function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25857.

Threat Intelligence

EPSS Exploit Probability

3.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-122

Affected Products 2

Vendor	Product	Version	Range
realtek	wi-fi_usb_driver	*	<1030.52.0325.2025
realtek	rtl8811au	*	any

References 1

zerodayinitiative.com https://www.zerodayinitiative.com/advisories/ZDI-25-882/

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.