CVE-2025-0289

Summary

Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service.

Affected Software

VendorProductVersion RangeStatus
Paragon SoftwareMigrate OS to SSD4 <= 5affected
Paragon SoftwareDisk Wiper15 <= 16affected
Paragon SoftwareDrive Copy15 <= 16affected
Paragon SoftwareHard Disk Manager15 <= 17.39affected
Paragon SoftwareBackup and Recovery15 <= 17.39affected
Paragon SoftwarePartition Manager15 <= 17.39affected

Weaknesses

  • CWE-1287: Improper Validation of Specified Type of Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References