← back
CVE-2025-0289

CVE-2025-0289

CVSS 7.8 HIGHEPSS 0.3%
Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Paragon Software · Backup and RecoveryParagon Software · Disk WiperParagon Software · Drive CopyParagon Software · Hard Disk ManagerParagon Software · Migrate OS to SSDParagon Software · Partition Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-syshttps://www.kb.cert.org/vuls/id/726882https://www.paragon-software.com/support/#patches