CVE-2025-0285

Summary

Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation exploits.

Affected Software

VendorProductVersion RangeStatus
Paragon SoftwareMigrate OS to SSD4 <= 5affected
Paragon SoftwareDisk Wiper15 <= 16affected
Paragon SoftwareParagon Drive Copy15 <= 16affected
Paragon SoftwareBackup and Recovery15 <= 17.39affected
Paragon SoftwareHard Disk Manager15 <= 17.39affected
Paragon SoftwarePartition Manager15 <= 17.39affected

Weaknesses

  • CWE-1287: Improper Validation of Specified Type of Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References