CVE-2025-0288
CVE-2025-0288
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
03 Mar 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary kernel memory and perform privilege escalation.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Paragon Software · Backup and RecoveryParagon Software · Disk WiperParagon Software · Drive CopyParagon Software · Hard Disk ManagerParagon Software · Migrate OS to SSDParagon Software · Partition ManagerWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →