CVE-2025-63602
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-12-31
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| awesomeminer | awesome_miner | 11.2.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Awesome Miner versions up to 11.2.4 due to an insecure implementation of the WinRing0 driver (version 1.2.0.5, renamed to IntelliBreeze.Maintenance.Service.sys). The driver lacks a properly secured Discretionary Access Control List (DACL), which allows unprivileged users to read and write arbitrary kernel memory and Model-Specific Registers (MSRs) such as LSTAR. This means that an unprivileged user can interact with the kernel in unauthorized ways.
How can this vulnerability impact me? :
The vulnerability can lead to local privilege escalation, allowing an unprivileged user to gain higher privileges on the system. It can also cause information disclosure by exposing sensitive kernel memory contents, denial of service by destabilizing the system, and other unspecified impacts.