Vulnerability Description
Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys. It is facilitated by the memmove function, which does not validate or sanitize user-controlled input, allowing an attacker to write arbitrary kernel memory and perform privilege escalation.
CVSS Score
7.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paragon-Software | Paragon Backup & Recovery | >= 15, <= 17.39 |
| Paragon-Software | Paragon Disk Wiper | >= 15, <= 16 |
| Paragon-Software | Paragon Drive Copy | >= 15, <= 16 |
| Paragon-Software | Paragon Hard Disk Manager | >= 15, <= 17.39 |
| Paragon-Software | Paragon Migrate OS to SSD | >= 4, <= 5 |
| Paragon-Software | Paragon Partition Manager | >= 15, <= 17.39 |
References
- https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT- (Vendor Advisory)
- https://www.kb.cert.org/vuls/id/726882 (Third Party Advisory)
- https://www.paragon-software.com/support/#patches (Product)
FAQ
What is CVE-2025-0288?
CVE-2025-0288 is a vulnerability with a CVSS score of 7.8 (HIGH). Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user-controlled input, ...
How severe is CVE-2025-0288?
CVE-2025-0288 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-0288?
Check the references section above for vendor advisories and patch information. Affected products include: Paragon-Software Paragon Backup & Recovery, Paragon-Software Paragon Disk Wiper, Paragon-Software Paragon Drive Copy, Paragon-Software Paragon Hard Disk Manager, Paragon-Software Paragon Migrate OS to SSD.