Cyber Resilience

CVE-2025-66678

CriticalPublic PoC

Published: 04 March 2026

Published
04 March 2026
Modified
09 March 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0064 46.0th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-66678 is a critical-severity SQL Injection (CWE-89) vulnerability in Faintsnow Hardware Read \& Write Utility. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 46.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

An issue exists in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier, tracked as CVE-2025-66678 and published on 2026-03-04T17:16:17.387. This vulnerability enables attackers to execute arbitrary read and write operations via a crafted request, earning a CVSS score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H) and linked to CWEs NVD-CWE-noinfo and CWE-89.

Remote attackers, requiring no privileges or user interaction, can exploit this over the network with low complexity to perform arbitrary kernel memory reads and writes through the vulnerable driver. Successful exploitation could result in full system compromise, including privilege escalation, arbitrary code execution, and high impacts on confidentiality, integrity, and availability.

Advisories are not explicitly detailed, but references point to GitHub repositories at https://github.com/Faintsnow/HE and https://github.com/cwjchoi01/CVE-2025-66678, which may contain proof-of-concept code or further analysis. No specific patches or mitigation guidance is provided in the available information.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Kernel driver arbitrary R/W directly enables exploitation for privilege escalation and full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-22976Shared CWE-89
CVE-2025-53727Shared CWE-89
CVE-2026-33288Shared CWE-89
CVE-2026-26116Shared CWE-89
CVE-2025-49759Shared CWE-89
CVE-2025-61943Shared CWE-89
CVE-2025-47954Shared CWE-89
CVE-2025-59499Shared CWE-89
CVE-2024-35275Shared CWE-89
CVE-2025-48650Shared CWE-89

Affected Assets

faintsnow
hardware read \& write utility
≤ 1.25.11.26

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation through patching or removal of the vulnerable HwRwDrv.sys driver directly prevents arbitrary kernel memory read and write exploitation via crafted requests.

prevent

Enforcing least functionality by disabling unnecessary hardware read/write utilities and their kernel drivers eliminates exposure to this remotely exploitable vulnerability.

prevent

Implementing input validation mechanisms on driver request entry points blocks crafted requests that enable arbitrary kernel memory read and write operations.

References