Arbitrary Kernel Memory Vulnerability in Paragon Partition Manager by Paragon Software
CVE-2025-0288

7.8HIGH

Key Information:

Vendor: Paragon Software
Status: Partition Manager; Hard Disk Manager; Backup And Recovery; Drive Copy
Vendor: CVE Published:; 3 March 2025

Summary

Paragon Partition Manager version 7.9.1 has a vulnerability that allows attackers to exploit the memmove function, which fails to adequately verify or sanitize user-controlled input. This oversight enables attackers to manipulate kernel memory, potentially leading to privilege escalation. Users of this product should be aware of the risks and apply updates or security patches provided by Paragon Software to mitigate this vulnerability.

Affected Version(s)

Backup and Recovery 15 <= 17.39

Disk Wiper 15 <= 16

Drive Copy 15 <= 16

References

https://www.kb.cert.org/vuls/id/726882

https://paragon-software.zendesk.com/hc/en-us/articles/32...

https://www.paragon-software.com/support/#patches

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Jan 6, 2025