{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0289", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2025-01-06T19:15:26.403Z", "datePublished": "2025-03-03T16:24:38.134Z", "dateUpdated": "2025-03-05T13:38:36.048Z"}, "containers": {"cna": {"title": "CVE-2025-0289", "descriptions": [{"lang": "en", "value": "Paragon Partition Manager version 17, both community and Business versions, contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Paragon Software", "product": "Paragon Partition Manager", "versions": [{"status": "affected", "version": "V17"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-20 Improper Input Validation"}]}, {"descriptions": [{"lang": "en", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "references": [{"url": "https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys"}, {"url": "https://www.kb.cert.org/vuls/id/726882"}, {"url": "https://www.paragon-software.com/support/#patches"}], "x_generator": {"engine": "VINCE 3.0.13", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2025-0289"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2025-03-05T13:38:36.048Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "CWE-20 Improper Input Validation"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-04T15:21:49.572240Z", "id": "CVE-2025-0289", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T15:23:04.627Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-0289", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-04T15:21:49.572240Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T15:22:18.527Z"}}], "cna": {"title": "CVE-2025-0289", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Paragon Software", "product": "Paragon Partition Manager", "versions": [{"status": "affected", "version": "V17"}]}], "references": [{"url": "https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys"}, {"url": "https://www.kb.cert.org/vuls/id/726882"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.13", "origin": "https://cveawg.mitre.org/api/cve/CVE-2025-0289"}, "descriptions": [{"lang": "en", "value": "Paragon Partition Manager version 17, both community and Business versions, contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-20 Improper Input Validation"}]}, {"descriptions": [{"lang": "en", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2025-03-03T16:24:38.134Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0289", "state": "PUBLISHED", "dateUpdated": "2025-03-04T15:23:04.627Z", "dateReserved": "2025-01-06T19:15:26.403Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2025-03-03T16:24:38.134Z", "assignerShortName": "certcc"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Paragon Partition Manager version 17, both community and Business versions, contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service."}, {"lang": "es", "value": "La versi\u00f3n 17 de Paragon Partition Manager, tanto la versi\u00f3n comunitaria como la empresarial, contienen una vulnerabilidad de acceso inseguro a los recursos del kernel facilitada por el controlador que no valida el puntero MappedSystemVa antes de pasarlo a HalReturnToFirmware, lo que puede permitir a un atacante comprometer el servicio."}], "id": "CVE-2025-0289", "lastModified": "2025-03-05T14:15:36.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-03-03T17:15:13.943", "references": [{"source": "cret@cert.org", "url": "https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys"}, {"source": "cret@cert.org", "url": "https://www.kb.cert.org/vuls/id/726882"}, {"source": "cret@cert.org", "url": "https://www.paragon-software.com/support/#patches"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}