CVE-2025-0289

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-0289
Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service.
CVSS

No CVSS.

References
Link Resource
https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys Vendor Advisory
https://www.kb.cert.org/vuls/id/726882 Third Party Advisory
https://www.paragon-software.com/support/#patches Product
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:paragon-software:paragon_backup_\&_recovery:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_disk_wiper:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_drive_copy:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_hard_disk_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_partition_manager:*:*:*:*:*:*:*:*
History

25 Jun 2025, 16:49

Type Values Removed Values Added
First Time Paragon-software paragon Drive Copy
Paragon-software paragon Migrate Os To Ssd
Paragon-software paragon Disk Wiper
Paragon-software
Paragon-software paragon Partition Manager
Paragon-software paragon Backup \& Recovery
Paragon-software paragon Hard Disk Manager
References () https://www.kb.cert.org/vuls/id/726882 - () https://www.kb.cert.org/vuls/id/726882 - Third Party Advisory
References () https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys - () https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys - Vendor Advisory
References () https://www.paragon-software.com/support/#patches - () https://www.paragon-software.com/support/#patches - Product
CPE cpe:2.3:a:paragon-software:paragon_hard_disk_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_drive_copy:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_backup_\&_recovery:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_disk_wiper:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_partition_manager:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo

14 Apr 2025, 21:15

Type Values Removed Values Added
Summary Paragon Partition Manager version 17.9.1, both community and Business versions, contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service. Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service.

27 Mar 2025, 20:15

Type Values Removed Values Added
Summary Paragon Partition Manager version 17, both community and Business versions, contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service. Paragon Partition Manager version 17.9.1, both community and Business versions, contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service.

05 Mar 2025, 14:15

Type Values Removed Values Added
References
  • () https://www.paragon-software.com/support/#patches -

03 Mar 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-03 17:15

Updated : 2025-06-25 16:49

NVD link : CVE-2025-0289

Mitre link : CVE-2025-0289

JSON object : View

Products Affected

paragon-software

  • paragon_disk_wiper
  • paragon_migrate_os_to_ssd
  • paragon_backup_\&_recovery
  • paragon_hard_disk_manager
  • paragon_drive_copy
  • paragon_partition_manager
CWE
NVD-CWE-noinfo