← All drivers
vulnerable
Driver

hwrwdrv.sys

Hardware Read and Write Utility driver (hardware-tweaker tool)

From Shuttle Inc. (signing publisher) / Nil Hardware Editor (NVD-attributed product)
Status
On a known-vulnerable list
Known variants
2 distinct hashes
Public CVEs
1
Field notes

hwrwdrv.sys is the kernel half of a hardware-tweaker utility that gives a user-mode program direct read and write access to physical memory and CPU model-specific registers. That is the same family of access primitive used by overclocking tools, BIOS utilities, and chipset diagnostics; in a lab it is useful, on a normal gaming PC it is mostly a liability.

The driver's provenance has two layers, both worth knowing about. The Authenticode signature on the public binary traces to a code-signing certificate issued to Shuttle Inc. (a long-standing hardware vendor). The National Vulnerability Database, however, attributes the vulnerable product itself to 'Nil Hardware Editor's Hardware Read and Write Utility' (CVE-2025-66678). The mismatch is a small reminder that a valid signature describes who paid for the cert, not always who built the tool that ships the driver.

The driver is on the LOLDrivers list (entry UUID e4609b54-cb25-4433-a75a-7a17f43cec00) and on Microsoft's Vulnerable Driver Blocklist.

If you find it on your system and you do not remember installing a hardware-tuning utility, uninstall whatever brought it in; the blocklist will keep the older signed build from loading.

What the record shows

hwrwdrv.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 2 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.

Public CVEs
What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “hwrwdrv.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/hwrwdrv-sys