Vulnerability Description
Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paragon-Software | Paragon Backup & Recovery | >= 15, <= 17.39 |
| Paragon-Software | Paragon Disk Wiper | >= 15, <= 16 |
| Paragon-Software | Paragon Drive Copy | >= 15, <= 16 |
| Paragon-Software | Paragon Hard Disk Manager | >= 15, <= 17.39 |
| Paragon-Software | Paragon Migrate Os To Ssd | >= 4, <= 5 |
| Paragon-Software | Paragon Partition Manager | >= 15, <= 17.39 |
Related Weaknesses (CWE)
References
- https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT- (Vendor Advisory)
- https://www.kb.cert.org/vuls/id/726882 (Third Party Advisory)
- https://www.paragon-software.com/support/#patches (Product)
FAQ
What is CVE-2025-0287?
CVE-2025-0287 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker...
How severe is CVE-2025-0287?
CVE-2025-0287 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-0287?
Check the references section above for vendor advisories and patch information. Affected products include: Paragon-Software Paragon Backup & Recovery, Paragon-Software Paragon Disk Wiper, Paragon-Software Paragon Drive Copy, Paragon-Software Paragon Hard Disk Manager, Paragon-Software Paragon Migrate Os To Ssd.