CVE-2025-0289
CVE-2025-0289
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
03 Mar 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Paragon Software · Backup and RecoveryParagon Software · Disk WiperParagon Software · Drive CopyParagon Software · Hard Disk ManagerParagon Software · Migrate OS to SSDParagon Software · Partition ManagerWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →