Vulnerability Description
Various Paragon Software products contain an insecure kernel resource access vulnerability: the driver does not validate the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allow an attacker to compromise the service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paragon-Software | Paragon Backup & Recovery | >= 15, <= 17.39 |
| Paragon-Software | Paragon Disk Wiper | >= 15, <= 16 |
| Paragon-Software | Paragon Drive Copy | >= 15, <= 16 |
| Paragon-Software | Paragon Hard Disk Manager | >= 15, <= 17.39 |
| Paragon-Software | Paragon Migrate Os To Ssd | >= 4, <= 5 |
| Paragon-Software | Paragon Partition Manager | >= 15, <= 17.39 |
References
- https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT- (Vendor Advisory)
- https://www.kb.cert.org/vuls/id/726882 (Third Party Advisory)
- https://www.paragon-software.com/support/#patches (Product)
FAQ
What is CVE-2025-0289?
CVE-2025-0289 is a vulnerability with a CVSS score of 7.8 (HIGH). Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware,...
How severe is CVE-2025-0289?
CVE-2025-0289 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-0289?
Check the references section above for vendor advisories and patch information. Affected products include: Paragon-Software Paragon Backup & Recovery, Paragon-Software Paragon Disk Wiper, Paragon-Software Paragon Drive Copy, Paragon-Software Paragon Hard Disk Manager, Paragon-Software Paragon Migrate Os To Ssd.