Skip to main content

MiniTool Partition Wizard CVE-2026-15475

| EUVDEUVD-2026-43197 LOW
Improper Access Control (CWE-284)
2026-07-12 VulDB GHSA-fx54-g6r7-6jq2
1.9
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
1.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Local-only attack requiring a low-privilege account to reach the driver; no scope change as kernel impact is contained within the vulnerable system per available data.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jul 12, 2026 - 03:22 NVD
MEDIUM LOW
CVSS changed
Jul 12, 2026 - 03:22 NVD
4.8 (MEDIUM) 1.9 (LOW)
Analysis Generated
Jul 12, 2026 - 02:44 vuln.today

DescriptionCVE.org

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 13.9 is sufficient to fix this issue. The affected component should be upgraded. The vendor was contacted early about this disclosure.

AnalysisAI

Improper access controls in MiniTool Partition Wizard's signed kernel driver pwdrvio.sys (versions up to 13.6) allow a local low-privileged user to interact with privileged driver functionality without authorization. The vulnerability is tagged as an authentication bypass against a kernel-mode component, meaning a standard user account can invoke driver operations that should be restricted to administrative or system-level callers. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain low-privileged local user session
Delivery
Confirm pwdrvio.sys driver loaded
Exploit
Open handle to driver device object
Execution
Send crafted IOCTL bypassing access controls
Persist
Execute privileged kernel-mode operations
Impact
Achieve local privilege escalation

Vulnerability AssessmentAI

Exploitation Exploitation requires that MiniTool Partition Wizard (version 13.6 or earlier) is installed on the target Windows system and that the pwdrvio.sys kernel driver has been loaded. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 4.8 (Medium) with vector AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L reflects a realistic and honest assessment: exploitation is strictly local (AV:L) and requires a low-privilege account (PR:L), which significantly constrains the attack surface to scenarios where an adversary already has a foothold. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already gained a low-privileged local account on a Windows endpoint where MiniTool Partition Wizard is installed opens a handle to the pwdrvio.sys device object, which lacks sufficient access control enforcement. Using the publicly available POC code documented at https://winslow1984.com/books/cve-collection/page/minitool-partition-wizard-kernel-driver-pwdrviosys-local-privilege-escalation, the attacker issues crafted IOCTL requests to trigger privileged kernel operations, potentially enabling local privilege escalation to SYSTEM or manipulation of disk structures.
Remediation Upgrade MiniTool Partition Wizard to version 13.9 or later, which the vendor confirms resolves this issue. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15475 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy