Insecure Kernel Resource Access in Paragon Partition Manager by Paragon Software
CVE-2025-0289

7.8 HIGH

Key Information:

Vendor
Paragon Software
Status
Paragon Partition Manager
Vendor
CVE Published: 3 March 2025

Badges

📈 Score: 885 | 💰 Ransomware | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2025-0289?

CVE-2025-0289 is a security vulnerability in Paragon Partition Manager, a disk partition management tool from Paragon Software. It arises from insecure kernel resource access: the MappedSystemVa pointer is not validated before it is processed by the system's firmware. This can lead to service compromise, allowing unauthorized entities to exploit the weakness and disrupt organizational operations by manipulating system partitioning features.

Technical Details

The vulnerability exists primarily in version 17 of Paragon Partition Manager, including both its community and business variants. The driver's insecure handling of the MappedSystemVa pointer increases the risk of exploitation. Kernel operations depend on proper validation; without it, critical functions are exposed to malicious actors, who could undermine system integrity or gain unauthorized access.

Potential impact of CVE-2025-0289

  1. Service Compromise: Attackers may exploit this vulnerability to take control of the Paragon Partition Manager service, leading to unauthorized changes in disk partition configurations or system operations.

  2. System Integrity Risks: Exploitation could result in harmful alterations to the system's storage structure, threatening the reliability and integrity of important data stored within affected partitions.

  3. Increased Attack Surface: The vulnerability broadens the potential attack avenues against systems utilizing Paragon Partition Manager, making them more susceptible to future exploitation and potential data breaches.

Affected Version(s)

Paragon Partition Manager V17

News Articles

Ransomware scum abusing Microsoft Windows-signed driver

Ransomware crooks are exploiting a third-party Windows kernel-level driver used and provided by disk management tool Paragon Partition Manager. Paragon Partition Manager is a software tool that allows users...

3 weeks ago

Paragon Partition Manager Vulnerabilities Let Attackers Escalate Privilege & Trigger DoS Attacks

Five critical memory flaws in Paragon Partition Manager's BioNTdrv.sys driver have been discovered, allowing attackers to escalate privileges.

3 weeks ago

Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks

Paragon Software patches CVE-2025-0289, a zero-day flaw in BioNTdrv.sys, exploited for privilege escalation and ransomware

3 weeks ago

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • Vulnerability published

  • 📰 First article discovered by BleepingComputer

  • Vulnerability Reserved