CVE-2025-66678

CRITICAL

Nil Hardware Editor <1.25.11.26 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-66678. PoCs published by cwjchoi01.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2025-66678, leveraging MSR (Model-Specific Register) read/write operations to achieve local privilege escalation (LPE) on Windows systems. The exploit manipulates kernel structures to steal a token from the SYSTEM process, granting elevated privileges.

Description

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request.

Exploits (1)

nomisec WORKING POC 1 stars
by cwjchoi01 · poc
https://github.com/cwjchoi01/CVE-2025-66678

This repository contains a functional exploit for CVE-2025-66678, leveraging MSR (Model-Specific Register) read/write operations to achieve local privilege escalation (LPE) on Windows systems. The exploit manipulates kernel structures to steal a token from the SYSTEM process, granting elevated privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Windows Kernel (specific version not explicitly stated, but likely affects multiple versions)
Auth required
Prerequisites: Administrative or local user access to load a vulnerable driver · Presence of a vulnerable driver (e.g., HwRwDrv)
devstral-2 · analyzed May 04, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0064
EPSS Percentile 45.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
faintsnow/hardware_read_\&_write_utility < 1.25.11.26
Published Mar 04, 2026
Tracked Since Mar 05, 2026