Vulnerability Description
Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paragon-Software | Paragon Backup \& Recovery | >= 15, <= 17.39 |
| Paragon-Software | Paragon Disk Wiper | >= 15, <= 16 |
| Paragon-Software | Paragon Drive Copy | >= 15, <= 16 |
| Paragon-Software | Paragon Hard Disk Manager | >= 15, <= 17.39 |
| Paragon-Software | Paragon Migrate Os To Ssd | >= 4, <= 5 |
| Paragon-Software | Paragon Partition Manager | >= 15, <= 17.39 |
Related Weaknesses (CWE)
References
- https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Vendor Advisory
- https://www.kb.cert.org/vuls/id/726882Third Party Advisory
- https://www.paragon-software.com/support/#patchesProduct
FAQ
What is CVE-2025-0286?
CVE-2025-0286 is a vulnerability with a CVSS score of 8.4 (HIGH). Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which ca...
How severe is CVE-2025-0286?
CVE-2025-0286 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-0286?
Check the references section above for vendor advisories and patch information. Affected products include: Paragon-Software Paragon Backup \& Recovery, Paragon-Software Paragon Disk Wiper, Paragon-Software Paragon Drive Copy, Paragon-Software Paragon Hard Disk Manager, Paragon-Software Paragon Migrate Os To Ssd.