CVE-2025-44531

| EUVD-2025-19037 HIGH
2025-06-24 [email protected]
Denial Of Service Rtl8762e Software Development Kit
7.5
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 15, 2026 - 22:36 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 22:36 euvd
EUVD-2025-19037
PoC Detected
Jul 09, 2025 - 19:07 vuln.today
Public exploit code
CVE Published
Jun 24, 2025 - 16:15 nvd
HIGH 7.5

DescriptionNVD

An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public key is received during a Bluetooth connection attempt.

AnalysisAI

CVE-2025-44531 is a Denial of Service vulnerability in Realtek RTL8762E SDK v1.4.0 that allows unauthenticated remote attackers to crash Bluetooth-enabled devices by sending a specially crafted packet before the pairing public key exchange is completed. The vulnerability affects Bluetooth Low Energy (BLE) implementations using the vulnerable SDK version, with a CVSS score of 7.5 indicating high severity. No public exploit code or active exploitation in the wild has been reported at the time of this analysis.

Technical ContextAI

The vulnerability exists in Realtek's RTL8762E Bluetooth Low Energy stack (RTL8762EKF-EVB evaluation board), specifically in SDK version 1.4.0. The root cause is classified under CWE-400 (Uncontrolled Resource Consumption), indicating improper handling of incoming Bluetooth pairing frames. During the BLE pairing handshake, the vulnerability occurs when a malformed or crafted packet is sent prior to the legitimate public key exchange phase. The RTL8762E is a Bluetooth LE SoC commonly used in IoT devices, wearables, and embedded systems. The affected component likely resides in the Bluetooth stack's pairing state machine, which fails to validate packet structure or sequence state before processing the pairing request, leading to uncontrolled resource consumption (memory exhaustion, stack overflow, or infinite loop) that causes device crash or unresponsiveness.

RemediationAI

Vendor Patch: Upgrade RTL8762E SDK to version > 1.4.0 when available from Realtek. Contact Realtek directly at their semiconductor support portal for patched SDK releases.; priority: Critical for new deployments Firmware Update: End-device manufacturers should rebuild and release firmware updates for products using RTL8762E SDK v1.4.0. Check manufacturer support pages for device-specific updates.; priority: High Temporary Mitigation: Disable or restrict Bluetooth pairing mode when not actively pairing new devices. Implement network-level filtering to restrict Bluetooth advertisement/pairing requests to trusted devices only (if supported by device firmware).; priority: Immediate Workaround: Implement rate limiting or packet validation at the Bluetooth stack layer to reject malformed pairing frames before they reach the vulnerable pairing state machine.; priority: Engineering-dependent Monitoring: Monitor Realtek security advisories and CVE databases for CVE-2025-44531 patch announcements. Subscribe to vendor security mailing lists.; priority: Ongoing

Share

CVE-2025-44531 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy