CVE-2025-0289

{"id": "CVE-2025-0289", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-03-03T17:15:13.943", "references": [{"url": "https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/726882", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "https://www.paragon-software.com/support/#patches", "tags": ["Product"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service."}, {"lang": "es", "value": "La versi\u00f3n 17 de Paragon Partition Manager, tanto la versi\u00f3n comunitaria como la empresarial, contienen una vulnerabilidad de acceso inseguro a los recursos del kernel facilitada por el controlador que no valida el puntero MappedSystemVa antes de pasarlo a HalReturnToFirmware, lo que puede permitir a un atacante comprometer el servicio."}], "lastModified": "2025-06-25T16:49:25.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:paragon-software:paragon_backup_\\&_recovery:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79494FF3-97A2-4DFA-AFE8-3A4E1C4F2C67", "versionEndIncluding": "17.39", "versionStartIncluding": "15"}, {"criteria": "cpe:2.3:a:paragon-software:paragon_disk_wiper:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B71A5C9-A1A5-4965-B430-6401C5D87704", "versionEndIncluding": "16", "versionStartIncluding": "15"}, {"criteria": "cpe:2.3:a:paragon-software:paragon_drive_copy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AEEBDE5-02CD-469E-84BC-4EADCB3BEFC9", "versionEndIncluding": "16", "versionStartIncluding": "15"}, {"criteria": "cpe:2.3:a:paragon-software:paragon_hard_disk_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F70FA517-5000-41D9-BAF4-4853C0C2E2F2", "versionEndIncluding": "17.39", "versionStartIncluding": "15"}, {"criteria": "cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54699509-C197-4AE6-B1DC-D53365128BD6", "versionEndIncluding": "5", "versionStartIncluding": "4"}, {"criteria": "cpe:2.3:a:paragon-software:paragon_partition_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDBED8CE-A90D-48DC-89F6-CA5EF10DD12C", "versionEndIncluding": "17.39", "versionStartIncluding": "15"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}