Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local attacker with low-privileged authenticated access exploits a kernel driver lacking access checks to gain SYSTEM, yielding full CIA impact with no UI and no scope change.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack needs to be performed locally. The exploit is publicly available and might be used. You should upgrade the affected component. The vendor explains: "We have confirmed that this issue was present only in older versions of the product. Our product has since been updated, and the issue has been resolved in the latest version, so it no longer exists."
AnalysisAI
Local privilege escalation in EaseUS Partition Master through version 14.5 stems from improper access controls in the epmntdrv.sys kernel driver, allowing a low-privileged local user to gain SYSTEM-level control over the host. Publicly available exploit code exists and the vendor has confirmed the issue was resolved in newer releases, though no specific patched version is named in the advisory.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires (1) EaseUS Partition Master versions 14.0 through 14.5 installed on the target Windows host with the epmntdrv.sys kernel driver loaded, and (2) the attacker to already possess local code execution as a low-privileged authenticated user (PR:L in the CVSS 4.0 vector), meaning this is not remotely reachable and cannot be triggered without an existing foothold. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) with score 7.1 and E:P (Proof-of-Concept) accurately reflects a high-impact local privilege escalation: an authenticated low-privileged user can achieve full confidentiality, integrity, and availability compromise of the host with no user interaction and low attack complexity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a low-privileged foothold on a Windows endpoint - obtained via phishing, a browser exploit, or a malicious insider account - locates the EaseUS Partition Master installation and opens a handle to the epmntdrv.sys device object, which the driver fails to restrict to administrators. Using the publicly available proof-of-concept (winslow1984.com writeup), the attacker issues crafted IOCTLs to perform kernel-mode read/write primitives and elevates to NT AUTHORITY\SYSTEM, then disables EDR, dumps LSASS, or installs persistent tooling. |
| Remediation | Patch available per vendor advisory - EaseUS states the issue is resolved in the latest version of Partition Master, so upgrade to the current release from https://www.easeus.com/partition-manager/ and confirm the shipped epmntdrv.sys is the post-fix build; an exact patched version number is not published in the advisory, so verify with EaseUS support before declaring systems clean. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify systems running EaseUS Partition Master 14.5 and earlier through your asset inventory. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Partition Master
View allSame weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38146
GHSA-5497-893c-j3pf