ZDI: Published Advisories The following is a list of publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers. While the affected vendor is working on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by security filters delivered ahead of public disclosure. All security vulnerabilities that are acquired by the Zero Day Initiative are handled according to the ZDI Disclosure Policy.
- ZDI-25-886: Digilent DASYLab DSB File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability
on September 4, 2025 at 5:00 amThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-9189.
- ZDI-25-885: Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerabilityon September 4, 2025 at 5:00 am
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-9188.
- ZDI-25-887: Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerabilityon September 4, 2025 at 5:00 am
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-57774.
- ZDI-25-888: Digilent DASYLab DSB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabilityon September 4, 2025 at 5:00 am
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-57775.
- ZDI-25-889: Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerabilityon September 4, 2025 at 5:00 am
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-57776.
- ZDI-25-884: QEMU uefi-vars Uninitialized Memory Information Disclosure Vulnerabilityon September 4, 2025 at 5:00 am
This vulnerability allows local attackers to disclose sensitive information on affected installations of QEMU. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2025-8860.
- ZDI-25-890: Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerabilityon September 4, 2025 at 5:00 am
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-57777.
- ZDI-25-891: Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerabilityon September 4, 2025 at 5:00 am
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-57778.
- ZDI-25-882: Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerabilityon September 2, 2025 at 5:00 am
This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-8299.
- ZDI-25-879: Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerabilityon September 2, 2025 at 5:00 am
This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-8302.
