Null Pointer Dereference Vulnerability in Paragon Partition Manager by Paragon Software
CVE-2025-0287

5.1MEDIUM

Key Information:

Vendor: Paragon Software
Status: Migrate Os To Ssd; Disk Wiper; Drive Copy; Backup And Recovery
Vendor: CVE Published:; 3 March 2025

🔔 Create Paragon Software Vulnerability Alert

What is CVE-2025-0287?

Paragon Partition Manager version 7.9.1 is susceptible to a null pointer dereference vulnerability in the biontdrv.sys driver. This vulnerability is caused by an invalid MasterLrp structure in the input buffer, allowing attackers to exploit this flaw to execute arbitrary code within the kernel environment. Such an exploit can facilitate unauthorized privilege escalation, potentially compromising the integrity of the system.

Affected Version(s)

Backup and Recovery 15 <= 17.39

Disk Wiper 15 <= 16

Drive Copy 15 <= 16

References

https://paragon-software.zendesk.com/hc/en-us/articles/32...

https://www.kb.cert.org/vuls/id/726882

https://www.paragon-software.com/support/#patches

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Jan 6, 2025