Home / Vulnerability Intelligence / CVE-2025-66678

CVE-2025-66678 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 5, 2026

Nil Hardware Editor Hardware Read & Write Utility - Arbitrary Read & Write

Published: March 4, 2026Updated: March 5, 2026PoC AvailableRemote Exploitable

Overview

Nil Hardware Editor Hardware Read & Write Utility <= 1.25.11.26 contains an arbitrary read and write vulnerability caused by improper handling in HwRwDrv.sys, letting attackers execute arbitrary read and write operations remotely, exploit requires crafted request.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 4.6%(Probability of exploitation in next 30 days)

Impact

Attackers can perform arbitrary read and write operations, potentially leading to system compromise or data manipulation.

Mitigation

Update to the latest version.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 5, 2026

🔴 CVE-2025-66678 - Critical (9.8) An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66678/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

GitHub Repositories(1 repo)

https://github.com/cwjchoi01/CVE-2025-66678

Related Resources

Details

CVE ID: CVE-2025-66678
Severity: Critical
CVSS Score: 9.8
Type: undefined
Status: unconfirmed
EPSS: 4.6%
Social Posts: 1

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.6%Probability of exploitation in the next 30 days