CVE-2025-66678
Arbitrary Read/Write in Nil Hardware Editor HwRwDrv.sys
Publication date: 2026-03-04
Last updated on: 2026-03-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| faintsnow | hardware_read_&_write_utility | to 1.25.11.26 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the HwRwDrv.sys component of the Nil Hardware Editor Hardware Read & Write Utility version 1.25.11.26 and earlier. It allows attackers to perform arbitrary read and write operations by sending a specially crafted request to the driver.
Specifically, the driver exposes the ability to read and write Model-Specific Registers (MSRs) and physical memory via the Windows kernel function MmMapIoSpace. This exposure enables an attacker to execute arbitrary code in kernel mode.
A proof-of-concept exploit demonstrates that an attacker can escalate privileges by swapping the primary token of the current process to that of NT Authority\SYSTEM, effectively gaining SYSTEM-level privileges.
How can this vulnerability impact me? :
This vulnerability can have severe impacts because it allows an attacker to execute arbitrary code with kernel-level privileges.
An attacker who successfully exploits this vulnerability can escalate their privileges to SYSTEM level, gaining full control over the affected system.
With SYSTEM privileges, the attacker can bypass security controls, access sensitive data, modify system configurations, install malware, or disrupt system operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability exists in the HwRwDrv.sys driver component of the Nil Hardware Editor Hardware Read & Write Utility version 1.25.11.26 and earlier. Detection involves verifying the presence of this vulnerable driver on the system.'}, {'type': 'list_item', 'content': 'Check if the vulnerable driver HwRwDrv.sys is loaded on the system using the command: "driverquery | findstr HwRwDrv.sys"'}, {'type': 'list_item', 'content': 'Look for the presence of the driver file in common directories such as C:\\Users\\Public.'}, {'type': 'list_item', 'content': 'Use Windows PowerShell to list loaded drivers: "Get-WmiObject Win32_SystemDriver | Where-Object { $_.Name -eq \'HwRwDrv\' }"'}, {'type': 'paragraph', 'content': 'Since the vulnerability allows arbitrary MSR and physical memory read/write via the driver, monitoring for unusual kernel mode memory access or privilege escalation attempts may also help detect exploitation attempts, but specific detection commands are not provided.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing or disabling the vulnerable HwRwDrv.sys driver from the system to prevent exploitation.
- Uninstall or update the Nil Hardware Editor Hardware Read & Write Utility to a version later than 1.25.11.26 if available.
- If an update is not available, remove the vulnerable driver file from locations such as C:\Users\Public.
- Restrict administrative privileges to prevent unauthorized execution of exploits requiring Administrator rights.
Monitor systems for suspicious activity related to kernel mode code execution or privilege escalation attempts.