Arbitrary Memory Write Vulnerability in Paragon Partition Manager
CVE-2025-0286

8.4HIGH

Key Information:

Vendor: Paragon Software
Status: Migrate Os To Ssd; Disk Wiper; Drive Copy; Backup And Recovery
Vendor: CVE Published:; 3 March 2025

Summary

Paragon Partition Manager version 7.9.1 is susceptible to a vulnerability within the biontdrv.sys driver, which fails to adequately validate user-supplied data lengths. This oversight enables attackers to perform arbitrary writes to kernel memory, potentially allowing them to execute arbitrary code on affected systems. Users of this version are strongly advised to consider applying the available security patch to mitigate this significant risk.

Affected Version(s)

Backup and Recovery 15 <= 17.39

Disk Wiper 15 <= 16

Drive Copy 15 <= 16

References

https://www.kb.cert.org/vuls/id/726882

https://paragon-software.zendesk.com/hc/en-us/articles/32...

https://www.paragon-software.com/support/#patches

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Jan 6, 2025