Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local-only attack requiring a low-privilege account to reach the driver; no scope change as kernel impact is contained within the vulnerable system per available data.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 13.9 is sufficient to fix this issue. The affected component should be upgraded. The vendor was contacted early about this disclosure.
AnalysisAI
Improper access controls in MiniTool Partition Wizard's signed kernel driver pwdrvio.sys (versions up to 13.6) allow a local low-privileged user to interact with privileged driver functionality without authorization. The vulnerability is tagged as an authentication bypass against a kernel-mode component, meaning a standard user account can invoke driver operations that should be restricted to administrative or system-level callers. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that MiniTool Partition Wizard (version 13.6 or earlier) is installed on the target Windows system and that the pwdrvio.sys kernel driver has been loaded. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 4.8 (Medium) with vector AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L reflects a realistic and honest assessment: exploitation is strictly local (AV:L) and requires a low-privilege account (PR:L), which significantly constrains the attack surface to scenarios where an adversary already has a foothold. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has already gained a low-privileged local account on a Windows endpoint where MiniTool Partition Wizard is installed opens a handle to the pwdrvio.sys device object, which lacks sufficient access control enforcement. Using the publicly available POC code documented at https://winslow1984.com/books/cve-collection/page/minitool-partition-wizard-kernel-driver-pwdrviosys-local-privilege-escalation, the attacker issues crafted IOCTL requests to trigger privileged kernel operations, potentially enabling local privilege escalation to SYSTEM or manipulation of disk structures. |
| Remediation | Upgrade MiniTool Partition Wizard to version 13.9 or later, which the vendor confirms resolves this issue. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Partition Wizard
View allMiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the s
MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execut
MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43197
GHSA-fx54-g6r7-6jq2