Description
A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the library EUEDKEPM.sys of the component Kernel Driver. The manipulation results in improper access controls. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The affected component should be upgraded. The vendor explains: "We have confirmed that this issue was present only in older versions of the product. Our product has since been updated, and the issue has been resolved in the latest version, so it no longer exists."
Published: 2026-06-21
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability exists in the kernel driver EUEDKEPM.sys used by EaseUS Partition Master versions up to 14.5. The flaw is caused by improper access control within an unknown function, allowing a local attacker to bypass restrictions and gain elevated privileges. This weakness falls under CWE-266 and CWE-284 and can lead to full system compromise if exploited.

Affected Systems

This issue impacts EaseUS Partition Master customers running any version older than 14.6, specifically those that include the EUEDKEPM.sys driver. The problem originates from the kernel driver component, and all installations of the affected product versions are susceptible.

Risk and Exploitability

The flaw carries a CVSS score of 8.5, indicating a high severity. No EPSS score is available, but an exploit is publicly released, demonstrating a local privilege escalation vector. The vulnerability is not listed in CISA KEV, yet its local nature and high impact make it a significant risk for any machine that has the vulnerable driver installed.

Generated by OpenCVE AI on June 21, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest version of EaseUS Partition Master, which contains the corrected EUEDKEPM.sys driver and eliminates the access control flaw.
  • Remove any remaining copies of the old EUEDKEPM.sys file from the system to prevent accidental loading of the vulnerable driver.
  • Limit local administrative access to the affected computers and consider disabling kernel driver installation until the patch is applied.

Generated by OpenCVE AI on June 21, 2026 at 09:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 21 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the library EUEDKEPM.sys of the component Kernel Driver. The manipulation results in improper access controls. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The affected component should be upgraded. The vendor explains: "We have confirmed that this issue was present only in older versions of the product. Our product has since been updated, and the issue has been resolved in the latest version, so it no longer exists."
Title EaseUS Partition Master Kernel Driver EUEDKEPM.sys access control
First Time appeared Easeus
Easeus partition Master
Weaknesses CWE-266
CWE-284
CPEs cpe:2.3:a:easeus:partition_master:*:*:*:*:*:*:*:*
Vendors & Products Easeus
Easeus partition Master
References
Metrics cvssV2_0

{'score': 6.8, 'vector': 'AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Easeus Partition Master
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-21T06:00:10.299Z

Reserved: 2026-06-20T09:39:50.652Z

Link: CVE-2026-12782

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-21T09:30:09Z

Weaknesses
  • CWE-266

    Incorrect Privilege Assignment

  • CWE-284

    Improper Access Control