CVE-2025-0288

HIGH EXPLOITED RANSOMWARE

Paragon Software - Memory Corruption

Title source: llm

Description

Various Paragon Software products contain an arbitrary kernel memory write vulnerability in biontdrv.sys. The driver's use of the memmove function does not validate or sanitize user-controlled input, which allows an attacker to write arbitrary kernel memory and escalate privileges.

Exploits (2)

nomisec WORKING POC 1 stars
by MeisamEb · local
https://github.com/MeisamEb/CVE-2025-0288
nomisec WORKING POC 1 stars
by barhen12 · local
https://github.com/barhen12/CVE-2025-0288

Scores

CVSS v3 7.8
EPSS 0.0010
EPSS Percentile 27.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-06-05
Ransomware Use Confirmed
Status published
Products (6)
paragon-software/paragon_backup_\&_recovery 15 - 17.39
paragon-software/paragon_disk_wiper 15 - 16
paragon-software/paragon_drive_copy 15 - 16
paragon-software/paragon_hard_disk_manager 15 - 17.39
paragon-software/paragon_migrate_os_to_ssd 4 - 5
paragon-software/paragon_partition_manager 15 - 17.39
Published Mar 03, 2025
Tracked Since Feb 18, 2026