ГлавнаяУязвимости → CVE-2025-0289
7.8высокая

CVE-2025-0289

Описание

Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service.

Затрагиваемое ПО
Paragon-software Paragon backup \& recoveryParagon-software Paragon disk wiperParagon-software Paragon drive copyParagon-software Paragon hard disk managerParagon-software Paragon migrate os to ssdParagon-software Paragon partition manager
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-syshttps://www.kb.cert.org/vuls/id/726882https://www.paragon-software.com/support/#patches