CVE-2025-0287 - Vulnerability Details

Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Paragon-software	Paragon Backup \& Recovery Paragon Disk Wiper Paragon Drive Copy Paragon Hard Disk Manager Paragon Migrate Os To Ssd Paragon Partition Manager

Configuration 1 [-]

OR	cpe:2.3:a:paragon-software:paragon_backup_\&_recovery::::::::
	cpe:2.3:a:paragon-software:paragon_disk_wiper::::::::
	cpe:2.3:a:paragon-software:paragon_drive_copy::::::::
	cpe:2.3:a:paragon-software:paragon_hard_disk_manager::::::::
	cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd::::::::
	cpe:2.3:a:paragon-software:paragon_partition_manager::::::::

No data.

References

Link	Providers
https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys
https://www.kb.cert.org/vuls/id/726882
https://www.paragon-software.com/support/#patches

History

Wed, 25 Jun 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Paragon-software Paragon-software paragon Backup \& Recovery Paragon-software paragon Disk Wiper Paragon-software paragon Drive Copy Paragon-software paragon Hard Disk Manager Paragon-software paragon Migrate Os To Ssd Paragon-software paragon Partition Manager
CPEs		cpe:2.3:a:paragon-software:paragon_backup_\&_recovery:::::::: cpe:2.3:a:paragon-software:paragon_disk_wiper:::::::: cpe:2.3:a:paragon-software:paragon_drive_copy:::::::: cpe:2.3:a:paragon-software:paragon_hard_disk_manager:::::::: cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd:::::::: cpe:2.3:a:paragon-software:paragon_partition_manager::::::::
Vendors & Products		Paragon-software Paragon-software paragon Backup \& Recovery Paragon-software paragon Disk Wiper Paragon-software paragon Drive Copy Paragon-software paragon Hard Disk Manager Paragon-software paragon Migrate Os To Ssd Paragon-software paragon Partition Manager

Mon, 14 Apr 2025 20:30:00 +0000

Type	Values Removed	Values Added
Description	Paragon Partition Manager version 17.9.1 contains a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.	Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.

Thu, 27 Mar 2025 19:00:00 +0000

Type	Values Removed	Values Added
Description	Paragon Partition Manager version 7.9.1 contains a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.	Paragon Partition Manager version 17.9.1 contains a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.

Wed, 05 Mar 2025 13:45:00 +0000

Type	Values Removed	Values Added
References		https://www.paragon-software.com/support/#patches

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 03 Mar 2025 20:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476
Metrics		cvssV3_1 `{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}`

Mon, 03 Mar 2025 16:30:00 +0000

Type	Values Removed	Values Added
Description		Paragon Partition Manager version 7.9.1 contains a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.
Title		CVE-2025-0287
References		https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys https://www.kb.cert.org/vuls/id/726882

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2025-03-03T16:25:08.481Z

Updated: 2025-09-05T12:08:03.175Z

Reserved: 2025-01-06T19:15:09.799Z

Link: CVE-2025-0287

Vulnrichment

Updated: 2025-03-03T19:28:49.817Z

NVD

Status : Analyzed

Published: 2025-03-03T17:15:13.710

Modified: 2025-06-25T16:49:19.670

Link: CVE-2025-0287

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object