CVE-2025-0288

High CVSS: 7.8

Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary kernel memory and perform privilege escalation.

Vendor

Paragon-software

Product

Paragon Backup \& Recovery

CWE

NVD-CWE-noinfo

Yayın Tarihi

2025-03-03 17:15:13

Güncelleme

2025-06-25 16:49:22

Source Identifier

cret@cert.org

KEV Date Added

Kategoriler

NVD-CWE-noinfo Paragon Backup \& Recovery HIGH Paragon-software 2025

Referanslar

https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys https://www.kb.cert.org/vuls/id/726882 https://www.paragon-software.com/support/#patches

Benzer Kayıtlar

High

CVE-2025-0285

Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is c…

High

CVE-2025-0286

Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is cau…

Medium

CVE-2025-0287

Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by…

High

CVE-2025-0289

Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not…