CVE-2025-0287

Description

Paragon Partition Manager version 7.9.1 contains a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.

Classification

CVE ID: CVE-2025-0287

Problem Types

CWE-476 NULL Pointer Dereference

Affected Products

Vendor: Paragon Software

Product: Paragon Partition Manager

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.82% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-01 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0287
https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys
https://www.kb.cert.org/vuls/id/726882

Timeline