Arbitrary Kernel Memory Mapping Vulnerability in Paragon Partition Manager
CVE-2025-0285

7.8HIGH

Key Information:

Vendor: Paragon Software
Status: Partition Manager; Hard Disk Manager; Backup And Recovery; Paragon Drive Copy
Vendor: CVE Published:; 3 March 2025

🔔 Create Paragon Software Vulnerability Alert

What is CVE-2025-0285?

Paragon Partition Manager version 7.9.1 contains a vulnerability within the biontdrv.sys driver, which stems from improper validation of the length of user-supplied data. This flaw may enable an attacker to exploit the system through privilege escalation, potentially allowing unauthorized access and control over sensitive system functions. The vendor has provided a security patch to mitigate this risk, highlighting the importance of updating to the latest software version.

Affected Version(s)

Backup and Recovery 15 <= 17.39

Disk Wiper 15 <= 16

Hard Disk Manager 15 <= 17.39

References

https://paragon-software.zendesk.com/hc/en-us/articles/32...

https://www.kb.cert.org/vuls/id/726882

https://www.paragon-software.com/support/#patches

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Jan 6, 2025