CVE-2025-0288
HIGHDescription
Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary kernel memory and perform privilege escalation.
Is your site exposed to CVE-2025-0288?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Affected Products
| Vendor | Product |
|---|---|
| paragon-software | paragon_backup_\&_recovery |
| paragon-software | paragon_disk_wiper |
| paragon-software | paragon_drive_copy |
| paragon-software | paragon_hard_disk_manager |
| paragon-software | paragon_migrate_os_to_ssd |
| paragon-software | paragon_partition_manager |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-0288? +
How severe is CVE-2025-0288? +
What products are affected by CVE-2025-0288? +
How do I check if I'm vulnerable to CVE-2025-0288? +
Related Vulnerabilities
Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to …
Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to …
Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer …
Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a …