CVE-2025-8301 | THREATINT

Description

Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek RTL8811AU drivers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the N6CSet_DOT11_CIPHER_DEFAULT_KEY function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24786.

PUBLISHED Reserved 2025-07-28 | Published 2025-09-02 | Updated 2025-09-03 | Assigner zdi

HIGH: 7.8CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-122: Heap-based Buffer Overflow

Product status

Default status

unknown

1030.38.712.2019

affected

References

www.zerodayinitiative.com/advisories/ZDI-25-880/ (ZDI-25-880)

cve.org (CVE-2025-8301)

nvd.nist.gov (CVE-2025-8301)

Download JSON