CVE-2025-0288

Published Mar 3, 2025

Last updated 10 months ago

CVSS high 7.8

Overview

Description: Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary kernel memory and perform privilege escalation.
Source: cret@cert.org
NVD status: Analyzed
Products: paragon_backup_\&_recovery, paragon_disk_wiper, paragon_drive_copy, paragon_hard_disk_manager, paragon_migrate_os_to_ssd, paragon_partition_manager

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:paragon-software:paragon_backup_\\&_recovery:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "79494FF3-97A2-4DFA-AFE8-3A4E1C4F2C67",
            "versionEndIncluding": "17.39",
            "versionStartIncluding": "15",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:paragon-software:paragon_disk_wiper:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2B71A5C9-A1A5-4965-B430-6401C5D87704",
            "versionEndIncluding": "16",
            "versionStartIncluding": "15",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:paragon-software:paragon_drive_copy:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "7AEEBDE5-02CD-469E-84BC-4EADCB3BEFC9",
            "versionEndIncluding": "16",
            "versionStartIncluding": "15",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:paragon-software:paragon_hard_disk_manager:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F70FA517-5000-41D9-BAF4-4853C0C2E2F2",
            "versionEndIncluding": "17.39",
            "versionStartIncluding": "15",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "54699509-C197-4AE6-B1DC-D53365128BD6",
            "versionEndIncluding": "5",
            "versionStartIncluding": "4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:paragon-software:paragon_partition_manager:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BDBED8CE-A90D-48DC-89F6-CA5EF10DD12C",
            "versionEndIncluding": "17.39",
            "versionStartIncluding": "15",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References