CVE-2025-0287

Summary

Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.

Affected Software

VendorProductVersion RangeStatus
Paragon SoftwareMigrate OS to SSD4 <= 5affected
Paragon SoftwareDisk Wiper15 <= 16affected
Paragon SoftwareDrive Copy15 <= 16affected
Paragon SoftwareBackup and Recovery15 <= 17.39affected
Paragon SoftwareHard Disk Manager15 <= 17.39affected
Paragon SoftwarePartition Manager15 <= 17.39affected

Weaknesses

  • CWE-476 NULL Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References