CVE-2025-0288
Last modified
CVE-2025-0288 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary kernel memory and perform privilege escalation.. EPSS estimates a 0.46% chance of exploitation in the next 30 days.
Description
Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary kernel memory and perform privilege escalation.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Paragon-Software | Paragon Backup \& Recovery | >= 15, <= 17.39 |
| Paragon-Software | Paragon Disk Wiper | >= 15, <= 16 |
| Paragon-Software | Paragon Drive Copy | >= 15, <= 16 |
| Paragon-Software | Paragon Hard Disk Manager | >= 15, <= 17.39 |
| Paragon-Software | Paragon Migrate Os To Ssd | >= 4, <= 5 |
| Paragon-Software | Paragon Partition Manager | >= 15, <= 17.39 |
References
- https://www.kb.cert.org/vuls/id/726882Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-0288?
How severe is CVE-2025-0288?
How do I fix CVE-2025-0288?
Are you affected by CVE-2025-0288?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST