Skip to main content

Partition Wizard

4 CVEs product

Monthly

CVE-2026-15475 LOW POC PATCH Monitor

Improper access controls in MiniTool Partition Wizard's signed kernel driver pwdrvio.sys (versions up to 13.6) allow a local low-privileged user to interact with privileged driver functionality without authorization. The vulnerability is tagged as an authentication bypass against a kernel-mode component, meaning a standard user account can invoke driver operations that should be restricted to administrative or system-level callers. A publicly available proof-of-concept exploit lowers the practical exploitation bar, though no active exploitation is confirmed via CISA KEV at time of analysis.

Authentication Bypass Partition Wizard
NVD VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2023-38352 HIGH This Week

MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Partition Wizard
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-38351 HIGH This Week

MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Partition Wizard
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-29320 HIGH POC This Week

MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Partition Wizard
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.4%
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Improper access controls in MiniTool Partition Wizard's signed kernel driver pwdrvio.sys (versions up to 13.6) allow a local low-privileged user to interact with privileged driver functionality without authorization. The vulnerability is tagged as an authentication bypass against a kernel-mode component, meaning a standard user account can invoke driver operations that should be restricted to administrative or system-level callers. A publicly available proof-of-concept exploit lowers the practical exploitation bar, though no active exploitation is confirmed via CISA KEV at time of analysis.

Authentication Bypass Partition Wizard
NVD VulDB
EPSS 1% CVSS 8.1
HIGH This Week

MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Partition Wizard
NVD
EPSS 1% CVSS 8.1
HIGH This Week

MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Partition Wizard
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Partition Wizard
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy