CVE-2025-63602

HIGH

Awesome Miner <11.2.4 - Local Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-63602. PoCs published by D7EAD.

AI-analyzed exploit summary This PoC exploits an insecure driver in Awesome Miner 11.2.4 to achieve arbitrary kernel read/write access to MSRs, leading to kernel code execution. It demonstrates reading and writing to the MSR_LSTAR register, which can cause a system crash.

Description

A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. This is due to the implementation of an insecure version of WinRing0 (1.2.0.5, renamed to IntelliBreeze.Maintenance.Service.sys) that lacks a properly secured DACL, allowing unprivileged users to interact with the driver and, as a result, the kernel. This can result in local privilege escalation, information disclosure, denial of service, and other unspecified impacts.

Exploits (1)

nomisec WORKING POC 3 stars
by D7EAD · poc
https://github.com/D7EAD/CVE-2025-63602

This PoC exploits an insecure driver in Awesome Miner 11.2.4 to achieve arbitrary kernel read/write access to MSRs, leading to kernel code execution. It demonstrates reading and writing to the MSR_LSTAR register, which can cause a system crash.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Awesome Miner 11.2.4
No auth needed
Prerequisites: Presence of the vulnerable WinRing0_1_2_0 driver
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.3
EPSS 0.0022
EPSS Percentile 12.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-126
Status published
Products (1)
awesomeminer/awesome_miner 11.2.4
Published Nov 18, 2025
Tracked Since Feb 18, 2026