CVE-2025-0287

Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.

CVSS v3 5.1 MEDIUM

5.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys	Vendor Advisory
https://www.kb.cert.org/vuls/id/726882	Third Party Advisory
https://www.paragon-software.com/support/#patches	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:paragon-software:paragon_backup_\&_recovery::::::::
	cpe:2.3:a:paragon-software:paragon_disk_wiper::::::::
	cpe:2.3:a:paragon-software:paragon_drive_copy::::::::
	cpe:2.3:a:paragon-software:paragon_hard_disk_manager::::::::
	cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd::::::::
	cpe:2.3:a:paragon-software:paragon_partition_manager::::::::

History

No history.

Information

Published : 2025-03-03 17:15

Updated : 2025-06-25 16:49

NVD link : CVE-2025-0287

Mitre link : CVE-2025-0287

CVE.ORG link : CVE-2025-0287

JSON object : View

Products Affected

paragon-software

paragon_drive_copy
paragon_disk_wiper
paragon_migrate_os_to_ssd
paragon_backup_\&_recovery
paragon_partition_manager
paragon_hard_disk_manager

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2025-0287", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.5}]}, "published": "2025-03-03T17:15:13.710", "references": [{"url": "https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.kb.cert.org/vuls/id/726882", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.paragon-software.com/support/#patches", "tags": ["Product"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation."}, {"lang": "es", "value": "Paragon Partition Manager versi\u00f3n 7.9.1 contiene una vulnerabilidad de desreferencia de puntero nulo dentro de biontdrv.sys que es causada por la falta de una estructura MasterLrp v\u00e1lida en el b\u00fafer de entrada, lo que permite a un atacante ejecutar c\u00f3digo arbitrario en el kernel, facilitando la escalada de privilegios."}], "lastModified": "2025-06-25T16:49:19.670", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:paragon-software:paragon_backup_\\&_recovery:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79494FF3-97A2-4DFA-AFE8-3A4E1C4F2C67", "versionEndIncluding": "17.39", "versionStartIncluding": "15"}, {"criteria": "cpe:2.3:a:paragon-software:paragon_disk_wiper:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B71A5C9-A1A5-4965-B430-6401C5D87704", "versionEndIncluding": "16", "versionStartIncluding": "15"}, {"criteria": "cpe:2.3:a:paragon-software:paragon_drive_copy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AEEBDE5-02CD-469E-84BC-4EADCB3BEFC9", "versionEndIncluding": "16", "versionStartIncluding": "15"}, {"criteria": "cpe:2.3:a:paragon-software:paragon_hard_disk_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F70FA517-5000-41D9-BAF4-4853C0C2E2F2", "versionEndIncluding": "17.39", "versionStartIncluding": "15"}, {"criteria": "cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54699509-C197-4AE6-B1DC-D53365128BD6", "versionEndIncluding": "5", "versionStartIncluding": "4"}, {"criteria": "cpe:2.3:a:paragon-software:paragon_partition_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDBED8CE-A90D-48DC-89F6-CA5EF10DD12C", "versionEndIncluding": "17.39", "versionStartIncluding": "15"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}