Beyond Bare-Metal: A Lightweight Cross-Privilege Framework for RISC-V RTL Security Evaluation
2026-06-09, Poster Island A

Mitigating transient execution attacks like Spectre in RISC-V processors requires cycle-accurate Register Transfer Level (RTL) simulation. However, existing methodologies face a severe dichotomy: simple bare-metal benchmarks lack crucial architectural features (e.g., virtual memory, privilege boundaries), while full-OS simulations incur prohibitive execution times. To bridge this gap, we propose a novel, lightweight RTL simulation framework that accurately models cross-privilege transitions (User and Supervisor modes) and virtual address translation without the overhead of a full OS payload. We validated this approach by simulating a realistic, cross-privilege Spectre-PHT attack on the out-of-order NaxRiscv core, achieving secret recovery in approximately 100,000 cycles. This drastically accelerates vulnerability characterization compared to Linux-boot environments. Ultimately, this low-noise environment provides hardware designers with an efficient tool to rapidly analyze transient vulnerabilities and evaluate the performance overhead of hardware countermeasures.
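The framework described above is characterised by the two features it adds over bare-metal runs: User/Supervisor privilege boundaries and virtual address translation. The following is an added illustration, not code from the poster or its framework: a small Python model of an Sv39 page walk with the RISC-V privileged-spec permission checks (V/R/W/X/U bits, the supervisor-mode SUM rule, the rule that S-mode never executes U pages, superpage alignment, and canonical-address checking). The page tables, physical page numbers and the choice to raise a fault on a clear A or D bit (the spec permits either a fault or a hardware update) are all assumptions constructed for this example; it shows what a cross-privilege reference model has to get right before a simulated attack across the U/S boundary means anything.

```python
"""Toy Sv39 translation model with RISC-V U/S privilege checks (constructed example)."""

PAGE_SHIFT = 12          # 4 KiB base pages
VPN_BITS = 9             # 512 entries per table, three levels in Sv39
PPN_MASK = (1 << 44) - 1

# PTE flag bits, as laid out in the RISC-V privileged spec (bit 0 upward).
V, R, W, X, U, G, A, D = (1 << i for i in range(8))


class PageFault(Exception):
    """Raised where real hardware would take a load/store/instruction page fault."""


def make_pte(ppn: int, flags: int) -> int:
    return (ppn << 10) | flags


def pte_ppn(pte: int) -> int:
    return (pte >> 10) & PPN_MASK


def check_leaf(pte: int, priv: str, access: str, sum_bit: bool) -> None:
    """Apply the permission rules for a leaf PTE; priv is 'U' or 'S', access is 'R', 'W' or 'X'."""
    if priv == "U" and not pte & U:
        raise PageFault("user access to a supervisor-only page")
    if priv == "S" and pte & U:
        if not sum_bit:
            raise PageFault("supervisor access to a user page with SUM=0")
        if access == "X":
            raise PageFault("supervisor never executes user pages, even with SUM=1")
    needed = {"R": R, "W": W, "X": X}[access]
    if not pte & needed:
        raise PageFault(f"page lacks {access} permission")
    # Assumption for this model: no hardware A/D update, so a clear bit faults.
    if not pte & A or (access == "W" and not pte & D):
        raise PageFault("A/D bit not set")


def translate(mem: dict, root_ppn: int, vaddr: int, priv: str, access: str, sum_bit: bool = False) -> int:
    """Walk the three Sv39 levels in `mem` (phys addr -> 64-bit PTE) and return the physical address."""
    # Sv39 requires bits 63..38 of the virtual address to be identical (canonical form).
    sign = (vaddr >> 38) & 1
    if (vaddr >> 39) != (sign * ((1 << 25) - 1)):
        raise PageFault("non-canonical virtual address")
    table = root_ppn << PAGE_SHIFT
    for level in (2, 1, 0):
        vpn = (vaddr >> (PAGE_SHIFT + level * VPN_BITS)) & ((1 << VPN_BITS) - 1)
        pte = mem.get(table + vpn * 8, 0)
        if not pte & V or (pte & W and not pte & R):
            raise PageFault("invalid PTE")
        if pte & (R | X):                      # leaf entry at this level
            if level > 0 and pte_ppn(pte) & ((1 << (level * VPN_BITS)) - 1):
                raise PageFault("misaligned superpage")
            check_leaf(pte, priv, access, sum_bit)
            page_bits = PAGE_SHIFT + level * VPN_BITS
            return (pte_ppn(pte) << PAGE_SHIFT) | (vaddr & ((1 << page_bits) - 1))
        table = pte_ppn(pte) << PAGE_SHIFT     # pointer to the next-level table
    raise PageFault("no leaf entry found")


def build_memory():
    """Constructed page tables: a user data page, a supervisor code page, a user RO page, an S megapage."""
    mem, root, l1, l0 = {}, 0x80000, 0x80001, 0x80002
    mem[(root << PAGE_SHIFT) + 0 * 8] = make_pte(l1, V)                  # VPN[2]=0 -> level-1 table
    mem[(l1 << PAGE_SHIFT) + 0 * 8] = make_pte(l0, V)                    # VPN[1]=0 -> level-0 table
    mem[(l0 << PAGE_SHIFT) + 0 * 8] = make_pte(0x81000, V | R | W | U | A | D)  # VA 0x0000: user RW
    mem[(l0 << PAGE_SHIFT) + 1 * 8] = make_pte(0x81001, V | R | X | A)          # VA 0x1000: supervisor RX
    mem[(l0 << PAGE_SHIFT) + 2 * 8] = make_pte(0x81002, V | R | U | A)          # VA 0x2000: user RO
    mem[(l1 << PAGE_SHIFT) + 1 * 8] = make_pte(0x82000, V | R | W | A | D)      # VA 0x200000: 2 MiB S RW
    return mem, root


def probe(vaddr: int, priv: str, access: str, sum_bit: bool = False):
    """Return the physical address for an access, or None where the model faults."""
    mem, root = build_memory()
    try:
        return translate(mem, root, vaddr, priv, access, sum_bit)
    except PageFault:
        return None


if __name__ == "__main__":
    for va, priv, acc, sum_bit in [(0x0, "U", "R", False), (0x1000, "U", "X", False),
                                   (0x0, "S", "R", False), (0x0, "S", "R", True),
                                   (0x2000, "U", "W", False), (0x201234, "S", "W", False)]:
        print(f"VA {va:#x} {priv}-mode {acc}: {probe(va, priv, acc, sum_bit)}")
```

The model is deliberately strict: every boundary the poster's framework needs (U-mode reads of S pages, S-mode reads of U pages without SUM, S-mode execution of U pages, writes to read-only pages) surfaces as an explicit fault rather than a silent translation, which is the property a simulated attack across the U/S boundary is measured against.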