CVE-2024-11857 HIGH

CVE-2024-11857: Realtek Bluetooth HCI Adaptor - Privilege Escalation

Vendor Realtek
Product Bluetooth HCI Adaptor
Weakness CWE-59
Published June 2, 2025
Last update June 2, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as a specific file, causing the product to delete arbitrary files pointed to by the link. Attackers can then leverage the arbitrary file deletion to escalate privileges.

Key dates

02 Disclosure timeline

June 2, 2025 CVE published
June 2, 2025 Record updated