CVE-2025-0289
Last modified
CVE-2025-0289 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service.. EPSS estimates a 0.31% chance of exploitation in the next 30 days.
Description
Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Paragon-Software | Paragon Backup \& Recovery | >= 15, <= 17.39 |
| Paragon-Software | Paragon Disk Wiper | >= 15, <= 16 |
| Paragon-Software | Paragon Drive Copy | >= 15, <= 16 |
| Paragon-Software | Paragon Hard Disk Manager | >= 15, <= 17.39 |
| Paragon-Software | Paragon Migrate Os To Ssd | >= 4, <= 5 |
| Paragon-Software | Paragon Partition Manager | >= 15, <= 17.39 |
References
- https://www.kb.cert.org/vuls/id/726882Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-0289?
How severe is CVE-2025-0289?
How do I fix CVE-2025-0289?
Are you affected by CVE-2025-0289?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST