Partition Wizard
Monthly
Improper access controls in MiniTool Partition Wizard's signed kernel driver pwdrvio.sys (versions up to 13.6) allow a local low-privileged user to interact with privileged driver functionality without authorization. The vulnerability is tagged as an authentication bypass against a kernel-mode component, meaning a standard user account can invoke driver operations that should be restricted to administrative or system-level callers. A publicly available proof-of-concept exploit lowers the practical exploitation bar, though no active exploitation is confirmed via CISA KEV at time of analysis.
MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Improper access controls in MiniTool Partition Wizard's signed kernel driver pwdrvio.sys (versions up to 13.6) allow a local low-privileged user to interact with privileged driver functionality without authorization. The vulnerability is tagged as an authentication bypass against a kernel-mode component, meaning a standard user account can invoke driver operations that should be restricted to administrative or system-level callers. A publicly available proof-of-concept exploit lowers the practical exploitation bar, though no active exploitation is confirmed via CISA KEV at time of analysis.
MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.