CVE-2025-0289

Published Mar 3, 2025

Last updated 7 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-0289 is an insecure kernel resource access vulnerability found in Paragon Partition Manager's driver, BioNTdrv.sys. The vulnerability exists due to a lack of validation of the MappedSystemVa pointer before it's passed to HalReturnToFirmware. This flaw allows attackers who have local access to the system to potentially compromise the affected service. Exploitation of this vulnerability has been observed in Bring Your Own Vulnerable Driver (BYOVD) attacks. Version 17 of the software is known to be affected. Paragon Software has addressed these vulnerabilities in version 2.0.

Description
Paragon Partition Manager version 17.9.1, in both the Community and Business versions, contains an insecure kernel resource access vulnerability: the driver does not validate the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allow an attacker to compromise the service.
Source: cret@cert.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Social media

Hype score: Not currently trending
  1. Actively exploited CVE : CVE-2025-0289

    @transilienceai

    27 Mar 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2025-0289

    @transilienceai

    18 Mar 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Paragon Partition Manager's BioNTdrv.sys driver has a critical vulnerability (CVE-2025-0289) exploited in ransomware attacks. Attackers with local access can escalate privileges and run malicious code on Windows systems. https://t.co/3m3zMQPbX8

    @achi_tech

    10 Mar 2025

    51 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  4. Actively exploited CVE : CVE-2025-0289

    @transilienceai

    10 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. csirt_it: The Cyber Week of 9 March 2025 🔹updates for multiple products 🔹Paragon Partition Manager: exploitation of CVE-2025-0289 detected 🔹Mautic: PoC for CVE-2024-47051 ⚠️#EPSS: changes detected in products of inter… https://t.co/V9fRnpODwp

    @Vulcanux_

    10 Mar 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. The Cyber Week of 9 March 2025 🔹updates for multiple products 🔹Paragon Partition Manager: exploitation of CVE-2025-0289 detected 🔹Mautic: PoC for CVE-2024-47051 ⚠️#EPSS: changes detected in products of interest 🔗https://t.co/3fFpT6ArRo http

    @csirt_it

    10 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🔒 A security vulnerability in the electronic partition management software threatens electronic systems! The vulnerability CVE-2025-0289 is being used in ransomware attacks. Its impact extends to the entire industry. Security updates are available; for more details: https://t.co/MgmTPNc6JY #الأمن_السيبراني

    @CYBRAT_NET

    7 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2025-0289

    @transilienceai

    5 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Ransomware attacks: “deadly” exploits and fake demands sent by mail Smartphone, attack, hacker attack, BackConnect proxy, BianLian, BioNTdrv.sys, Black Basta Teams, byovd, Cactus, CVE-2025-0289, exploit, fake ransom demand, Hunters Interna… https://t.co/vtGc1C2nKA

    @matricedigitale

    5 Mar 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 CVE-2025-0289 🔴 HIGH (7.8) 🏢 Paragon Software - Paragon Partition Manager 🏗️ V17 🔗 https://t.co/muQmPtolq5 🔗 https://t.co/8FQW7QAfto #CyberCron #VulnAlert #InfoSec https://t.co/8kCrk6PE4M

    @cybercronai

    4 Mar 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 Critical vulnerability in Paragon Partition Manager: CVE-2025-0289 🔍 CVE-2025-0289 affects the BioNTdrv.sys driver of Paragon Partition Manager, allowing local attackers to escalate privileges and execute malicious code. https://t.co/oPzvwMGXRp

    @tpx_Security

    4 Mar 2025

    154 Impressions

    3 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Critical Paragon Driver Flaw (CVE-2025-0289) Used in Ransomware Campaigns #cybersecurity #news #latest #trending #viral https://t.co/KXxQBYdvfi

    @cyashadotcom

    4 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Ransomware Gangs Exploit Paragon Partition Manager Zero-Day Microsoft warns CVE-2025-0289 is actively exploited for SYSTEM access via a vulnerable BioNTdrv.sys driver. Attackers use BYOVD to escalate privileges! Patch now to BioNTdrv.sys v2.0.0 & enable Windows Vulnerable Dr

    @dCypherIO

    3 Mar 2025

    54 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Warning: @ParagonSoftware PartitionManager's BioNTdrv.sys driver has 5 vulnerabilities. @msftsecurity has detected a Threat Actor exploiting CVE-2025-0289 in ransomware attacks. Vendor Advisory: https://t.co/VITHVHf4pl. It's time to #Patch #Patch #Patch

    @CCBalert

    3 Mar 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. csirt_it: ‼️ #Paragon: active exploitation in the wild detected of the vulnerability CVE-2025-0289 present in multiple products Risk: 🔴 Type: 🔸Privilege Escalation 🔗https://t.co/VOmJmq1ezw 🔄 Updates available 🔄 https://t.co/54CAT4Xqjt

    @Vulcanux_

    3 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Microsoft identified five vulnerabilities in Paragon Partition Manager's BioNTdrv.sys driver, with CVE-2025-0289 actively exploited in BYOVD ransomware attacks to gain SYSTEM privileges. https://t.co/0FaOC8wYua

    @securityRSS

    3 Mar 2025

    16 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  17. 📌 Hackers attacked by exploiting a security vulnerability in Paragon Partition Manager, which helped them escalate privileges and run arbitrary code in ransomware attacks. The vulnerability (CVE-2025-0289) was discovered by Microsoft and is one of a set of five vulnerabilities, as reported by the CERT Coordination Center (CERT/CC). #الامن…

    @Cybercachear

    3 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Paragon Partition Manager's BioNTdrv.sys driver has a critical vulnerability (CVE-2025-0289) exploited in ransomware attacks. Attackers with local access can escalate privileges and run malicious code on Windows systems. Read the full analysis here: https://t.co/5QOCbTGQsS

    @TheHackersNews

    3 Mar 2025

    10997 Impressions

    36 Retweets

    84 Likes

    10 Bookmarks

    0 Replies

    1 Quote

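  19. A zero-day vulnerability in BioNTDrv.sys, the driver of Paragon Partition Manager, is being used by ransomware groups. Reported by Microsoft. CVE-2025-0289 allows SYSTEM privileges to be obtained. It is fixed in version 2.0.0, and several other vulnerabilities are fixed as well. https://t.co/6m7v9YKZ6S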

    @__kokumoto

    2 Mar 2025

    738 Impressions

    0 Retweets

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  20. ⚠️ Vulnerability Alert: Paragon Partition Manager BioNTdrv.sys Driver Vulnerabilities 📅 Timeline: Disclosure: 2025-03-01, Patch: 2025-03-01 📌 Attribution: Ransomware Gangs 🆔 CVE ID: CVE-2025-0289 📊 Base Score: Not yet assigned 📏 CVSS Metrics: Details pending CVSS

    @syedaquib77

    2 Mar 2025

    28 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes