CVE-2025-0286

Summary

Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine.

Affected Software

VendorProductVersion RangeStatus
Paragon SoftwarePartition Manager15 <= 17.39affected
Paragon SoftwareHard Disk Manager15 <= 17.39affected
Paragon SoftwareBackup and Recovery15 <= 17.39affected
Paragon SoftwareDrive Copy15 <= 16affected
Paragon SoftwareDisk Wiper15 <= 16affected
Paragon SoftwareMigrate OS to SSD4 <= 5affected

Weaknesses

  • CWE-787 Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References