Skip to main content

Realtek NDIS Driver CVE-2025-60419

MEDIUM
Uncontrolled Resource Consumption (CWE-400)
2025-10-24 cve@mitre.org
6.2
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.2 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Changed PR:N to PR:L because the description explicitly requires a local authenticated attacker; all other metrics align with a local, low-complexity, availability-only DoS.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 04:17 vuln.today

DescriptionCVE.org

An issue was discovered in the NDIS Usermode IO driver (RtkIOAC60.sys, version 6.0.5600.16348) allowing local authenticated attackers to send a crafted IOCTL request to the driver to cause a denial of service.

AnalysisAI

Denial of service in the Realtek NDIS Usermode IO driver (RtkIOAC60.sys v6.0.5600.16348) on Windows allows a local authenticated attacker to crash or hang the driver by sending a specially crafted IOCTL request to the device. The root cause is uncontrolled resource consumption (CWE-400), meaning the driver fails to properly validate or bound input from the IOCTL, leading to availability loss. No public exploit code or active exploitation has been identified at time of analysis; EPSS sits at the 4th percentile, reflecting minimal observed scanning or exploitation activity.

Technical ContextAI

The affected component is RtkIOAC60.sys, a Realtek kernel-mode NDIS (Network Driver Interface Specification) usermode I/O driver, version 6.0.5600.16348, targeting Windows systems equipped with Realtek 802.11ac (AC60-class) wireless network adapters. NDIS drivers expose device objects accessible via DeviceIoControl Win32 API calls; if the driver's IOCTL dispatch handler does not validate payload size, type, or buffer parameters before processing them, an attacker can supply a malformed buffer that causes unbounded memory allocation, looping, or a kernel panic under CWE-400. A researcher published findings at splineuser.github.io/posts/RTKVuln/, suggesting some level of technical detail is publicly accessible even though no weaponized exploit has been confirmed.

Affected ProductsAI

The vulnerability affects RtkIOAC60.sys at version 6.0.5600.16348, which is the Realtek 802.11ac NDIS Usermode IO driver for Windows. No CPE string was provided in the NVD data. The vendor reference at http://ndis.com and the researcher's writeup at https://splineuser.github.io/posts/RTKVuln/ are the primary sources; the exact range of Windows OS versions or device models shipping this driver version has not been independently confirmed from the available data. Organizations using Realtek AC-class wireless adapters on Windows should check the installed driver version against 6.0.5600.16348.

RemediationAI

The primary fix is to update the Realtek NDIS driver (RtkIOAC60.sys) to a version beyond 6.0.5600.16348; however, no specific patched version number is confirmed from the available reference data - the vendor advisory at http://ndis.com should be consulted for the official patch. If an update is not immediately available, a practical compensating control is to restrict local access to the affected device object by tightening device ACLs or by removing or disabling the driver on hosts where 802.11ac wireless functionality is not required. Restricting which local accounts can call DeviceIoControl on the driver reduces the attack surface, at the cost of potentially disrupting wireless stack functionality. Monitoring for anomalous IOCTL traffic from unprivileged processes to kernel driver objects can provide detection capability.

Share

CVE-2025-60419 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy