CVE-2025-66678
Published: 04 March 2026
Summary
CVE-2025-66678 is a critical-severity SQL Injection (CWE-89) vulnerability in Faintsnow Hardware Read \& Write Utility. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 24.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely flaw remediation through patching or removal of the vulnerable HwRwDrv.sys driver directly prevents arbitrary kernel memory read and write exploitation via crafted requests.
Enforcing least functionality by disabling unnecessary hardware read/write utilities and their kernel drivers eliminates exposure to this remotely exploitable vulnerability.
Implementing input validation mechanisms on driver request entry points blocks crafted requests that enable arbitrary kernel memory read and write operations.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Kernel driver arbitrary R/W directly enables exploitation for privilege escalation and full system compromise.
NVD Description
An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request.
Deeper analysisAI
An issue exists in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier, tracked as CVE-2025-66678 and published on 2026-03-04T17:16:17.387. This vulnerability enables attackers to execute arbitrary read and write operations via a crafted request, earning a CVSS score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H) and linked to CWEs NVD-CWE-noinfo and CWE-89.
Remote attackers, requiring no privileges or user interaction, can exploit this over the network with low complexity to perform arbitrary kernel memory reads and writes through the vulnerable driver. Successful exploitation could result in full system compromise, including privilege escalation, arbitrary code execution, and high impacts on confidentiality, integrity, and availability.
Advisories are not explicitly detailed, but references point to GitHub repositories at https://github.com/Faintsnow/HE and https://github.com/cwjchoi01/CVE-2025-66678, which may contain proof-of-concept code or further analysis. No specific patches or mitigation guidance is provided in the available information.
Details
- CWE(s)