Cyber Posture

CVE-2025-0286

High

Published: 03 March 2025
Modified: 25 June 2025
KEV Added: -
Patch: -
CVSS Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0010 (27.7th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0286 is a high-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in Paragon-Software Paragon Backup & Recovery. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 27.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Mandates timely remediation of software flaws, such as applying Paragon's patch for the input validation failure in biontdrv.sys that enables arbitrary kernel memory writes.

prevent: Requires validation of user-supplied data quantities like lengths to prevent malformed inputs from overwriting kernel memory via the driver.

prevent: Implements memory safeguards to restrict unauthorized kernel memory writes exploited by insufficient input validation in biontdrv.sys.

MITRE ATT&CK Enterprise Techniques

T1068 · Exploitation for Privilege Escalation · Tactic: Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The vulnerability is a local arbitrary kernel memory write in a driver that enables kernel-level arbitrary code execution without privileges, directly mapping to exploitation for privilege escalation to achieve full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine.

Deeper analysis

CVE-2025-0286 is an arbitrary kernel memory write vulnerability in the biontdrv.sys driver, affecting various Paragon Software products, particularly those in the Hard Disk Manager product line. The flaw stems from a failure to properly validate the length of user-supplied data, enabling attackers to overwrite kernel memory and execute arbitrary code with kernel-level privileges. It carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-1284 (Improper Validation of Specified Quantity in Input). The vulnerability was published on March 3, 2025.

A local attacker with access to the victim system can exploit this vulnerability without requiring privileges or user interaction. By supplying malformed data to the driver, the attacker can achieve arbitrary code execution in kernel mode, potentially leading to full system compromise, including high-impact confidentiality, integrity, and availability violations.

Paragon Software has released a security patch specifically addressing the biontdrv.sys driver vulnerability across all Hard Disk Manager products, as detailed in their support article. Additional guidance is available from the CERT Coordination Center vulnerability note and Paragon's patches support page, recommending immediate application of the update to mitigate the issue.

Details

CWE(s)

CWE-1284 (Improper Validation of Specified Quantity in Input)

Affected Products

Vendor            Product                      Versions
paragon-software  paragon backup & recovery    15 — 17.39
paragon-software  paragon disk wiper           15 — 16
paragon-software  paragon drive copy           15 — 16
paragon-software  paragon hard disk manager    15 — 17.39
paragon-software  paragon migrate os to ssd    4 — 5
paragon-software  paragon partition manager    15 — 17.39

CVEs Like This One

CVE-2025-0285 · Same product: Paragon-Software Paragon Backup & Recovery
CVE-2025-0289 · Same product: Paragon-Software Paragon Backup & Recovery
CVE-2025-0288 · Same product: Paragon-Software Paragon Backup & Recovery
CVE-2024-55407 · Shared CWE-1284
CVE-2026-25345 · Shared CWE-1284
CVE-2021-47827 · Shared CWE-1284
CVE-2026-1092 · Shared CWE-1284
CVE-2023-54337 · Shared CWE-1284
CVE-2026-40093 · Shared CWE-1284
CVE-2024-30516 · Shared CWE-1284
