
CVE-2025-63602: n/a

Severity: High
Type: Vulnerability
Published: Tue Nov 18 2025 (11/18/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

A vulnerability was discovered in Awesome Miner through 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. This is due to the implementation of an insecure version of WinRing0 (1.2.0.5, renamed to IntelliBreeze.Maintenance.Service.sys) that lacks a properly secured DACL, allowing unprivileged users to interact with the driver and, as a result, the kernel. This can result in local privilege escalation, information disclosure, denial of service, and other unspecified impacts.

AI-Powered Analysis

AI analysis last updated: 11/25/2025, 16:23:43 UTC

Technical Analysis

CVE-2025-63602 is a vulnerability identified in Awesome Miner software versions through 11.2.4, stemming from the use of an insecure version of the WinRing0 kernel driver (version 1.2.0.5), which has been renamed to IntelliBreeze.Maintenance.Service.sys within the product. The core issue lies in the driver's lack of a properly secured Discretionary Access Control List (DACL), which governs access permissions. This misconfiguration permits any unprivileged local user to interact directly with the driver, enabling arbitrary read and write operations to kernel memory and Model-Specific Registers (MSRs), such as the LSTAR register that controls system call entry points. This capability effectively allows an attacker to escalate privileges from a standard user to SYSTEM or kernel level, bypassing normal security boundaries. The vulnerability is classified under CWE-126 (Buffer Over-read), indicating that improper handling of memory boundaries contributes to the issue. The CVSS v3.1 base score is 7.3 (high), reflecting network attack vector with no privileges or user interaction required, and impacts on confidentiality, integrity, and availability. While no public exploits have been reported yet, the vulnerability's characteristics suggest it could be weaponized for local privilege escalation, information theft, or denial of service attacks. The lack of a patch link indicates that remediation may require vendor intervention or manual mitigation steps. Organizations using Awesome Miner, particularly in environments where multiple users have local access, are at risk of compromise if this vulnerability is exploited.

Potential Impact

For European organizations, the impact of CVE-2025-63602 can be severe, especially in sectors relying on Awesome Miner for cryptocurrency mining management or other operational tasks. Successful exploitation allows attackers to gain kernel-level privileges from an unprivileged account, potentially leading to full system compromise. This can result in unauthorized access to sensitive data, disruption of mining operations or other critical services, and the ability to deploy persistent malware or ransomware. The vulnerability also poses a risk of denial of service, which could interrupt business continuity. Given the increasing regulatory scrutiny in Europe around data protection (e.g., GDPR) and operational resilience, exploitation could lead to significant legal and financial consequences. Organizations with shared or multi-user environments are particularly vulnerable, as any local user could escalate privileges. Additionally, the ability to manipulate kernel memory and MSRs could facilitate sophisticated attacks that evade detection and complicate incident response efforts.

Mitigation Recommendations

To mitigate CVE-2025-63602, European organizations should immediately assess their use of Awesome Miner and identify any installations running versions up to 11.2.4. Since no official patch is currently linked, organizations should consider the following specific actions:

1) Restrict local user access to systems running Awesome Miner to trusted personnel only, minimizing the risk of unprivileged exploitation.
2) Employ application whitelisting and endpoint protection solutions capable of detecting anomalous driver interactions or unauthorized kernel memory access.
3) Monitor system logs and kernel driver activity for unusual behavior indicative of exploitation attempts.
4) If feasible, disable or remove the vulnerable WinRing0/IntelliBreeze.Maintenance.Service.sys driver until a vendor patch is available, understanding this may impact functionality.
5) Engage with the vendor for updates or patches and apply them promptly once released.
6) Implement strict access controls and harden system configurations to reduce the attack surface.
7) Conduct user awareness training to prevent inadvertent local access by unauthorized users.

These targeted measures go beyond generic advice by focusing on controlling local access and monitoring kernel-level interactions specific to this vulnerability.
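The following PowerShell script is an added example supporting steps 3 and 4 above; it is not part of the advisory and not code from the Awesome Miner vendor. It inventories registered kernel drivers whose service name or binary path contains the file name given in the CVE description (or the original WinRing0 name), reports each driver's state, start mode, on-disk path and file version, and lists the file's ACL. The service name under which the driver is registered is not stated on this page, so matching on both name and path is an assumption, as is the assumption that the renamed binary still carries WinRing0's 1.2.0.5 version resource.

```powershell
# Added example, not from the advisory or the vendor: inventory check for the
# WinRing0-derived driver shipped with Awesome Miner (CVE-2025-63602).
# Assumptions: the driver is registered as a Win32_SystemDriver whose Name or
# PathName contains one of the patterns below, and the renamed binary reports
# WinRing0's file version 1.2.0.5. Run in an elevated PowerShell session.
$patterns = @('IntelliBreeze.Maintenance.Service', 'WinRing0')

$drivers = Get-CimInstance Win32_SystemDriver | Where-Object {
    $drv = $_
    $patterns | Where-Object { $drv.Name -like "*$_*" -or $drv.PathName -like "*$_*" }
}

if (-not $drivers) {
    Write-Output 'No WinRing0/IntelliBreeze.Maintenance.Service driver is registered on this host.'
    return
}

foreach ($d in $drivers) {
    # PathName is often an NT-style path (\??\C:\... or \SystemRoot\...); normalise
    # it to a filesystem path so Get-Item and Get-Acl can open it.
    $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $ver  = if (Test-Path $path) { (Get-Item $path).VersionInfo.FileVersion } else { 'file not found' }

    [pscustomobject]@{
        Service   = $d.Name
        State     = $d.State
        StartMode = $d.StartMode
        Path      = $path
        FileVer   = $ver
        # 1.2.0.5 is the WinRing0 version named in the CVE description.
        InScope   = ($ver -eq '1.2.0.5')
    }

    # The on-disk ACL is not the device object's DACL that the CVE describes,
    # but a binary writable by non-administrators is a separate finding worth
    # surfacing in the same pass.
    if (Test-Path $path) {
        (Get-Acl $path).Access |
            Select-Object IdentityReference, FileSystemRights, AccessControlType
    }
}
```

The security-relevant object in this CVE is the driver's device object, not the file on disk, so confirming whether unprivileged users can open it requires inspecting the Object Manager namespace; Sysinternals AccessChk can do this with `accesschk.exe -o \Device\<device name>`, where the device name the renamed driver registers is not given on this page and must be determined on the host. Once a driver has been confirmed in scope, mitigation step 4 can be carried out with `sc.exe stop <service name>` followed by `sc.exe config <service name> start= disabled`, accepting that Awesome Miner's hardware-monitoring features will stop working until a fixed build is installed.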


Technical Details

Data Version
5.2
Assigner Short Name
mitre
Date Reserved
2025-10-27T00:00:00.000Z
Cvss Version
null
State
PUBLISHED

Threat ID: 691c93529b9483ee9a6cccdf

Added to database: 11/18/2025, 3:40:02 PM

Last enriched: 11/25/2025, 4:23:43 PM

Last updated: 1/7/2026, 4:17:52 AM
