CVE-2025-63602

Name of the Vulnerable Software and Affected Versions Awesome Miner versions through 11.2.4

Description A flaw exists in Awesome Miner that permits unauthorized read and write access to kernel memory and Model Specific Registers (MSRs), including LSTAR, even for users without administrative privileges. This is a result of an insecure implementation of WinRing0 (version 1.2.0.5, rebranded as IntelliBreeze.Maintenance.Service.sys) which has a deficient Discretionary Access Control List (DACL). This inadequate DACL allows non-privileged users to interact with the driver and, consequently, the kernel. Successful exploitation could lead to local privilege escalation, information disclosure, denial of service, and other potential consequences.

Recommendations Versions prior to 11.2.5 should be updated.