PT-2025-9181 · Microsoft+1 · Windows+2

Published: 2025-02-28 · Updated: 2026-04-14 · CVE-2025-0289

CVSS v4.0: 8.5 (High)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

Name of the Vulnerable Software and Affected Versions

Paragon Partition Manager version 17
Paragon Partition Manager versions prior to 2.0.0

Description

The issue is an insecure kernel resource access vulnerability in the BioNTdrv.sys driver that can be exploited to compromise the service. The driver does not validate the MappedSystemVa pointer before passing it to HalReturnToFirmware. Attackers with local access can escalate privileges and run malicious code on Windows systems. The vulnerability has been exploited in ransomware attacks, specifically BYOVD (Bring Your Own Vulnerable Driver) attacks, in which attackers gain SYSTEM privileges.

Recommendations

For Paragon Partition Manager version 17 and for versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the BioNTdrv.sys driver until a patch is available. Restrict access to the vulnerable driver to minimize the risk of exploitation. Avoid using the MappedSystemVa pointer in the affected API endpoint until the issue is resolved.
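
An added example (not part of the original advisory, and not Paragon or Microsoft code): a report-only PowerShell inventory check for hosts where BioNTdrv.sys is registered as a kernel driver, as a starting point for the update and disable recommendations above. It finds the driver by image path because the page gives no service name; `Resolve-DriverPath` and the variable names are illustrative.

```powershell
# Added example: report-only inventory for the BioNTdrv.sys driver named in this advisory.
# Assumption: the driver is found by image path; the page does not give a service name.
$driverFile = 'BioNTdrv.sys'

function Resolve-DriverPath {
    # Hypothetical helper: turn a service image path into a normal file system path.
    param([string]$PathName)
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                              # strip the NT "\??\" prefix
    $p = $p -replace '^\\?SystemRoot\\', ($env:SystemRoot + '\')  # expand \SystemRoot\
    return $p
}

# Every kernel driver service whose image path ends in the driver file name,
# wherever the file sits on disk (a BYOVD copy need not be in System32\drivers).
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and ((Resolve-DriverPath $_.PathName) -like "*\$driverFile") }

$findings = foreach ($svc in $services) {
    $path   = Resolve-DriverPath $svc.PathName
    $exists = Test-Path -LiteralPath $path
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Service     = $svc.Name
        State       = $svc.State        # "Running" means the driver is loaded right now
        StartMode   = $svc.StartMode    # Boot / System / Auto / Manual / Disabled
        Path        = $path
        FileVersion = if ($exists) { (Get-Item -LiteralPath $path).VersionInfo.FileVersion }
        Signer      = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).SignerCertificate.Subject }
        SHA256      = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
    }
}

if ($findings) {
    # Compare FileVersion and Path against the vendor's fixed release and expected
    # install location before deciding whether to update or disable the driver.
    $findings | Format-List
} else {
    "No kernel driver service on $env:COMPUTERNAME references $driverFile."
}
```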

Fix

LPE

Improper Access Control

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-02229
CVE-2025-0289

Affected Products

Paragon Hard Disk Manager
Paragon Partition Manager
Windows