CVE-2025-0285
Published: 03 March 2025
Summary
CVE-2025-0285 is a high-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in Paragon-Software Paragon Backup & Recovery. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 28.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly addresses the vulnerability by requiring identification, reporting, and timely patching of the flaw in biontdrv.sys as recommended by Paragon and CERT/CC.
Mandates information input validation mechanisms at system interfaces to counter the failure to validate user-supplied data lengths leading to arbitrary kernel memory mapping.
Implements controls to protect kernel memory from unauthorized access and compromise, mitigating the impact of arbitrary kernel memory mapping exploits.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a local kernel driver flaw enabling arbitrary kernel memory mapping for privilege escalation from low-privileged user context.
NVD Description
Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation exploits.
Deeper analysis
CVE-2025-0285 is an arbitrary kernel memory mapping vulnerability in the biontdrv.sys driver, affecting various Paragon Software products, including those in the Hard Disk Manager product line. The flaw arises from a failure to properly validate the length of user-supplied data (CWE-1284), enabling potential privilege escalation exploits. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability by supplying malformed data to the driver, allowing arbitrary kernel memory mapping. Successful exploitation leads to privilege escalation, with high impact on confidentiality, integrity, and availability.
Paragon Software has issued a security patch for biontdrv.sys across all Hard Disk Manager products, as outlined in their advisory. Further details on mitigation are available from CERT/CC (VU#726882) and Paragon's support patches page, which recommend applying the update to affected systems immediately.
Details
- CWE(s)