Paragon Partition Manager Vulnerabilities Let Attackers Escalate Privilege & Trigger DoS Attacks

Five critical memory vulnerabilities in Paragon Partition Manager's BioNTdrv.sys driver have been discovered, allowing attackers to escalate privileges and cause denial-of-service conditions on affected systems. The vulnerabilities, identified in versions prior to 2.0.0, were officially disclosed on February 28, 2025, by the CERT Coordination Center, following reports from Microsoft about active exploitation in ransomware campaigns.

The discovered flaws include arbitrary kernel memory mapping and write vulnerabilities, a null pointer dereference issue, insecure kernel resource access, and an arbitrary memory move vulnerability. These security issues have been assigned five distinct CVE identifiers: CVE-2025-0285, CVE-2025-0286, CVE-2025-0287, CVE-2025-0288, and CVE-2025-0289.

The security analysts at Carnegie Mellon University noted that the most concerning aspect of these vulnerabilities is that they can be exploited even if Paragon Partition Manager isn't installed on the target system, through a technique known as Bring Your Own Vulnerable Driver (BYOVD): because the driver is validly signed, an attacker who already has administrative access can drop and load the vulnerable driver themselves.

Security researchers have determined that CVE-2025-0286 is an arbitrary kernel memory write vulnerability in version 7.9.1, which occurs due to improper validation of user-supplied data lengths. This allows attackers to write to arbitrary locations in kernel memory, potentially compromising the entire system. Similarly, CVE-2025-0289 involves insecure kernel resource access in version 17, caused by a failure to validate the MappedSystemVa pointer before passing it to HalReturnToFirmware, effectively allowing attackers to compromise the affected service.

Paragon Software has responded to these security concerns by releasing an updated driver, BioNTdrv.sys version 2.0.0, which addresses all five vulnerabilities. Security administrators should prioritize applying the driver blocklist across their environments and implement comprehensive endpoint monitoring to detect attempts to load vulnerable drivers.
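Detection logic of the kind the advice above calls for, as an added example that is not from the article or from Paragon: it scans constructed driver-load log lines (a made-up line format, not a real Windows event schema) and flags BioNTdrv.sys loads whose file version predates the 2.0.0 fix or that come from outside the system driver directory, the latter being the BYOVD pattern the article describes.

```python
import re
from dataclasses import dataclass

# BioNTdrv.sys 2.0.0 is the patched driver version named in the advisory.
FIXED_VERSION = (2, 0, 0)

# Constructed sample driver-load events (not real telemetry), one per line:
# <timestamp> DriverLoaded image=<path> version=<file version> signer=<signer>
SAMPLE_EVENTS = """\
2025-03-03T10:01:12Z DriverLoaded image=C:\\Windows\\System32\\drivers\\BioNTdrv.sys version=2.0.0 signer=Paragon Software
2025-03-03T10:07:45Z DriverLoaded image=C:\\Users\\Public\\BioNTdrv.sys version=1.3.0 signer=Paragon Software
2025-03-03T10:09:03Z DriverLoaded image=C:\\Windows\\System32\\drivers\\disk.sys version=10.0.19041.1 signer=Microsoft Windows
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) DriverLoaded image=(?P<image>.+?) version=(?P<version>[\d.]+) signer=(?P<signer>.+)$"
)

def parse_version(text):
    """Turn '1.3.0' into a comparable tuple of ints, padding short versions to 3 parts."""
    parts = tuple(int(p) for p in text.split(".") if p.isdigit())
    return parts + (0,) * (3 - len(parts))

@dataclass
class Finding:
    timestamp: str
    image: str
    version: str
    reasons: list

def analyze_driver_events(log_text):
    """Return a Finding for every BioNTdrv.sys load that looks risky."""
    findings = []
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue  # ignore lines that are not driver-load events
        image = m.group("image")
        if not image.lower().endswith("\\biontdrv.sys"):
            continue  # only the Paragon driver is of interest here
        reasons = []
        if parse_version(m.group("version")) < FIXED_VERSION:
            reasons.append("driver version predates the patched 2.0.0 release")
        # BYOVD: the attacker drops the driver themselves, so a load from outside the
        # standard driver directory is suspicious even though the file is validly signed.
        if not image.lower().startswith("c:\\windows\\system32\\drivers\\"):
            reasons.append("loaded from outside the system driver directory")
        if reasons:
            findings.append(Finding(m.group("ts"), image, m.group("version"), reasons))
    return findings
```

In a real deployment the parser would be pointed at driver-load telemetry from the endpoint agent in use, and a hit on either reason is worth an alert since a patched system should only ever load 2.0.0 from the system driver directory.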

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 03 Mar 2025 19:35:26 +0000

