Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local kernel-driver LPE reachable from any authenticated low-priv user (AV:L, PR:L, AC:L, UI:N); successful exploitation yields SYSTEM, giving full C/I/A impact without scope change.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the library EUEDKEPM.sys of the component Kernel Driver. The manipulation results in improper access controls. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The affected component should be upgraded. The vendor explains: "We have confirmed that this issue was present only in older versions of the product. Our product has since been updated, and the issue has been resolved in the latest version, so it no longer exists."
AnalysisAI
Local privilege escalation in EaseUS Partition Master versions 14.0 through 14.5 allows low-privileged users to abuse the EUEDKEPM.sys kernel driver due to improper access controls (CWE-284). Publicly available exploit code exists and the vendor has released a patched version, though the issue is not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires EaseUS Partition Master versions 14.0 through 14.5 to be installed on the target Windows host with the EUEDKEPM.sys kernel driver loaded, plus an existing local low-privileged session (PR:L) on that host to open the driver's device object; no user interaction is needed. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N, VC:H/VI:H/VA:H) correctly characterizes this as a high-impact local issue requiring only low privileges and no user interaction, consistent with a kernel-driver LPE. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained an ordinary user session on a Windows host where EaseUS Partition Master 14.0-14.5 is installed opens a handle to the EUEDKEPM.sys device and issues a crafted IOCTL that the driver fails to gate behind a proper access check. Using the public proof-of-concept published at winslow1984.com, the attacker leverages the driver's privileged primitives (typically arbitrary kernel read/write or raw disk I/O) to elevate to SYSTEM, then installs persistence or disables endpoint security tooling. … |
| Remediation | Patch available per vendor advisory: upgrade EaseUS Partition Master to the latest release from https://www.easeus.com/partition-manager/, which the vendor states resolves the EUEDKEPM.sys access-control issue (an exact fixed version string is not provided in the advisory, so verify the installed driver version after upgrade). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and inventory all systems running EaseUS Partition Master 14.0-14.5 in the environment. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Partition Master
View allSame weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38147
GHSA-2p82-8c67-963q