CVE-2025-0286

Description

Paragon Partition Manager version 7.9.1 contains an arbitrary kernel memory write vulnerability in biontdrv.sys, caused by a failure to properly validate the length of user-supplied data. The flaw can allow an attacker to execute arbitrary code on the victim machine.

Classification

CVE ID: CVE-2025-0286

Problem Types

CWE-787 Out-of-bounds Write
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected Products

Vendor: Paragon Software

Product: Paragon Partition Manager

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.08% (probability of being exploited)

EPSS Percentile: 21.04% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-01 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0286
https://www.kb.cert.org/vuls/id/726882
https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys

Timeline