
CVE-2025-0285

Description

Paragon Partition Manager version 7.9.1 contains an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user-supplied data, which can allow an attacker to perform privilege escalation exploits.

Classification

CVE ID: CVE-2025-0285

Problem Types

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-20 Improper Input Validation

Affected Products

Vendor: Paragon Software

Product: Paragon Partition Manager

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 12.05% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-01 (when this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0285
https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys
https://www.kb.cert.org/vuls/id/726882

Timeline