Out-Of-Bounds Read Vulnerability in Realtek RTL8811AU Driver
CVE-2025-8298

3.8LOW

Key Information:

Vendor: Realtek
Status: Rtl8811au
Vendor: CVE Published:; 2 September 2025

What is CVE-2025-8298?

The Realtek RTL8811AU driver has a vulnerability in the N6CQueryInformationHandleCustomized11nOids function which leads to an out-of-bounds read condition. This flaw arises from inadequate validation of user-supplied data, allowing local attackers to exploit this issue and potentially disclose sensitive information. Successfully exploiting this vulnerability requires the attacker to have the capability to execute low-privileged code on the compromised system. This flaw could be leveraged in conjunction with other vulnerabilities to execute arbitrary code within the kernel context.

Affected Version(s)

RTL8811AU 1030.38.712.2019

References

https://www.zerodayinitiative.com/advisories/ZDI-25-881/

x_research-advisory

CVSS V3.0

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2025
Vulnerability Reserved
Jul 28, 2025