Paragon Partition Manager Vulnerabilities Let Attackers Escalate Privilege & Trigger DoS Attacks

Five critical memory vulnerabilities have been discovered in Paragon Partition Manager's BioNTdrv.sys driver, allowing attackers to escalate privileges and cause denial-of-service conditions on affected systems. The vulnerabilities, identified in driver versions prior to 2.0.0, were officially disclosed on February 28, 2025, by the CERT Coordination Center, following reports from Microsoft about active exploitation in ransomware campaigns. They have been assigned five distinct CVE identifiers: CVE-2025-0285, CVE-2025-0286, CVE-2025-0287, CVE-2025-0288, and CVE-2025-0289.

The discovered flaws include arbitrary kernel memory mapping and write vulnerabilities, a null pointer dereference issue, insecure kernel resource access, and an arbitrary memory move vulnerability. The security analysts at Carnegie Mellon University's CERT Coordination Center noted that the most concerning aspect of these vulnerabilities is that they can be exploited even if Paragon Partition Manager isn't installed on the target system, through a technique known as Bring Your Own Vulnerable Driver (BYOVD): an attacker who already has administrative rights loads the signed, vulnerable driver themselves and then abuses it to reach kernel memory.

Security researchers have determined that CVE-2025-0286 is an arbitrary kernel memory write vulnerability in version 7.9.1, caused by improper validation of user-supplied data lengths. It allows attackers to write to arbitrary locations in kernel memory, potentially compromising the entire system. Similarly, CVE-2025-0289 involves insecure kernel resource access in version 17, caused by a failure to validate the MappedSystemVa pointer before passing it to HalReturnToFirmware, effectively allowing attackers to compromise the affected service.

Paragon Software has responded by releasing an updated driver, BioNTdrv.sys version 2.0.0, which addresses all five vulnerabilities. Security administrators should prioritize applying the driver blocklist across their environments and implement comprehensive endpoint monitoring to detect attempts to load vulnerable drivers.
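The following PowerShell script is an added example of the checks an administrator might run for the advice above; it is not code from the article, from Paragon Software, or from CERT/CC. It assumes that the driver file's version resource tracks the driver version named in the article (so anything below the fixed version 2.0.0 is treated as vulnerable), that Sysmon is installed and writing its DriverLoad events (Event ID 6) to its usual operational channel, and that the session is elevated. It reports any registered BioNTdrv.sys kernel service with its file version, lists stray copies under the drivers directory, and pulls recent driver-load and service-install events that name the driver, which is how a BYOVD drop of the driver would surface on a host where the product was never installed.

```powershell
# Added example (not from the article, Paragon Software or CERT/CC): defender-side checks for
# the vulnerable BioNTdrv.sys driver. Run in an elevated PowerShell session.
# Assumptions: the file version resource reflects the driver version named in the article
# (fixed: 2.0.0); Sysmon logs Event ID 6 (DriverLoad) to Microsoft-Windows-Sysmon/Operational.

$DriverName   = 'BioNTdrv.sys'
$FixedVersion = [version]'2.0.0'     # fixed driver version stated in the article
$LookbackDays = 30                   # how far back to search the event logs

function Get-DriverFileVersion {
    param([Parameter(Mandatory)][string]$Path)
    $info = (Get-Item -LiteralPath $Path -ErrorAction Stop).VersionInfo
    # FileVersion strings may carry trailing build text; keep only the numeric prefix.
    if ($info.FileVersion -match '^\s*(\d+(\.\d+){1,3})') { return [version]$Matches[1] }
    return [version]::new($info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart)
}

function Resolve-DriverPath {
    param([Parameter(Mandatory)][string]$PathName)
    # Service image paths come in NT forms such as \??\C:\... or \SystemRoot\...; normalise them.
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\"
    return $p
}

# 1. Any kernel service (started or not) whose image is BioNTdrv.sys, with a version verdict.
Write-Host "== Registered kernel services for $DriverName =="
Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -and ((Split-Path $_.PathName -Leaf) -ieq $DriverName) } |
    ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        $ver  = try { Get-DriverFileVersion -Path $path } catch { $null }
        [pscustomobject]@{
            Service    = $_.Name
            Path       = $path
            Started    = $_.Started
            Version    = $ver
            Assessment = if ($null -eq $ver) { 'file missing/unreadable' }
                         elseif ($ver -lt $FixedVersion) { "VULNERABLE (below $FixedVersion)" }
                         else { 'at or above fixed version' }
        }
    } | Format-Table -AutoSize

# 2. Copies of the driver on disk in the standard drivers directory (a BYOVD drop often lands here).
Write-Host "== Copies of $DriverName under System32\drivers =="
Get-ChildItem -Path "$env:SystemRoot\System32\drivers" -Filter $DriverName -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{ Path = $_.FullName; Version = (Get-DriverFileVersion -Path $_.FullName); Modified = $_.LastWriteTime }
    } | Format-Table -AutoSize

# 3. Recent load attempts: Sysmon Event ID 6 (DriverLoad) and SCM Event ID 7045 (service installed)
#    in the System log, both of which record the image path of the driver.
$since = (Get-Date).AddDays(-$LookbackDays)
$pattern = [regex]::Escape($DriverName)

Write-Host "== Sysmon DriverLoad (ID 6) events naming $DriverName, last $LookbackDays days =="
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 6; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern } |
    Select-Object TimeCreated, Id, Message | Format-List

Write-Host "== Service installs (System log ID 7045) naming $DriverName, last $LookbackDays days =="
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern } |
    Select-Object TimeCreated, Id, Message | Format-List
```

A host that has never had Paragon Partition Manager installed should produce empty tables in sections 1 and 2 and no events in section 3; any hit there is worth treating as a possible BYOVD attempt rather than a stale install, and the service install events give the time and account context to start from. The version check only covers what is on disk, so the driver blocklist the article recommends remains the control that stops the load itself.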

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 03 Mar 2025 19:35:26 +0000

