7.3

CVE-2025-63602

Exploit

EPSS 0.07%
Veröffentlicht 18.11.2025 00:00:00
Zuletzt bearbeitet 31.12.2025 02:24:57
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. This is due to the implementation of an insecure version of WinRing0 (1.2.0.5, renamed to IntelliBreeze.Maintenance.Service.sys) that lacks a properly secured DACL, allowing unprivileged users to interact with the driver and, as a result, the kernel. This can result in local privilege escalation, information disclosure, denial of service, and other unspecified impacts.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Awesomeminer ≫ Awesome Miner Version11.2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.219

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-126 Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

https://www.awesomeminer.com/download

Product

https://dreadsec.co/p/cve-2025-63602-hijacking-system-calls-with-a-popular-crypto-miner.html

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-63602

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-63602

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-63602

EUVD