CVE-2025-0286

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-0286
Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine.
CVSS

No CVSS.

References
Link Resource
https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys Vendor Advisory
https://www.kb.cert.org/vuls/id/726882 Third Party Advisory
https://www.paragon-software.com/support/#patches Product
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:paragon-software:paragon_backup_\&_recovery:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_disk_wiper:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_drive_copy:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_hard_disk_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_partition_manager:*:*:*:*:*:*:*:*
History

25 Jun 2025, 16:49

Type Values Removed Values Added
First Time Paragon-software paragon Drive Copy
Paragon-software paragon Migrate Os To Ssd
Paragon-software paragon Disk Wiper
Paragon-software
Paragon-software paragon Partition Manager
Paragon-software paragon Backup \& Recovery
Paragon-software paragon Hard Disk Manager
CWE CWE-1284
References () https://www.kb.cert.org/vuls/id/726882 - () https://www.kb.cert.org/vuls/id/726882 - Third Party Advisory
References () https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys - () https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys - Vendor Advisory
References () https://www.paragon-software.com/support/#patches - () https://www.paragon-software.com/support/#patches - Product
CPE cpe:2.3:a:paragon-software:paragon_hard_disk_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_drive_copy:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_backup_\&_recovery:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_disk_wiper:*:*:*:*:*:*:*:*
cpe:2.3:a:paragon-software:paragon_partition_manager:*:*:*:*:*:*:*:*

14 Apr 2025, 21:15

Type Values Removed Values Added
Summary Paragon Partition Manager version 17.9.1 contains an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine. Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine.

27 Mar 2025, 19:15

Type Values Removed Values Added
References
  • () https://www.paragon-software.com/support/#patches -
Summary Paragon Partition Manager version 7.9.1 contains an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine. Paragon Partition Manager version 17.9.1 contains an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine.

03 Mar 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-03 17:15

Updated : 2025-06-25 16:49

NVD link : CVE-2025-0286

Mitre link : CVE-2025-0286

JSON object : View

Products Affected

paragon-software

  • paragon_disk_wiper
  • paragon_migrate_os_to_ssd
  • paragon_backup_\&_recovery
  • paragon_hard_disk_manager
  • paragon_drive_copy
  • paragon_partition_manager
CWE
CWE-1284

Improper Validation of Specified Quantity in Input