CVE-2025-0288
Published: 03 March 2025
Summary
CVE-2025-0288 is a high-severity vulnerability of unspecified weakness type (no CWE listed) in Paragon Software's Paragon Backup & Recovery. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 27.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly mitigates CVE-2025-0288 by requiring timely application of the Paragon-released security patch for the vulnerable biontdrv.sys driver.
- SI-10 (Information Input Validation): Addresses the root cause of the vulnerability by enforcing validation and sanitization of user-controlled inputs to the kernel driver before they reach functions like memmove.
- SI-16 (Memory Protection): Protects kernel memory from unauthorized modification via the arbitrary writes reachable through the unsanitized memmove operation in biontdrv.sys.
MITRE ATT&CK Enterprise Techniques
- T1068 (Exploitation for Privilege Escalation)
Why these techniques?
An arbitrary kernel memory write from a low-privileged local context directly enables privilege escalation to kernel-level access.
NVD Description
Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary kernel memory and perform privilege escalation.
Deeper analysis
CVE-2025-0288 is an arbitrary kernel memory write vulnerability in the biontdrv.sys driver, affecting various Paragon Software products, particularly those in the Hard Disk Manager product line. The flaw arises from the memmove function failing to validate or sanitize user-controlled input, enabling attackers to overwrite kernel memory. Published on March 3, 2025, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows arbitrary kernel memory writes, facilitating privilege escalation to kernel-level access and potential full system compromise.
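The bug class described above, as an added example that is not Paragon's code and does not appear on the original page: a hypothetical IOCTL request whose destination, source and length go straight into memmove (the vulnerable shape), beside a hardened handler that bounds the length and confines both pointers to the caller's region before copying. Everything is simulated in user space, with two arrays standing in for kernel and user memory. The struct layout, function names and the in_user_range helper are assumptions for illustration; the real internals of biontdrv.sys are not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request layout (an assumption for this example): what a
 * user-mode client would hand to the driver through an IOCTL.
 * Every field is attacker controlled. */
struct xfer_req {
    uint64_t dst;     /* absolute destination address */
    uint64_t src;     /* absolute source address */
    uint64_t length;  /* bytes to copy */
};

/* Simulated address spaces: arrays stand in for kernel and user memory. */
#define KMEM_SIZE 256
#define UMEM_SIZE 256
static uint8_t g_kernel_mem[KMEM_SIZE];  /* privileged data the caller must not touch */
static uint8_t g_user_mem[UMEM_SIZE];    /* the caller's own buffer */

/* Is [addr, addr+len) entirely inside the simulated user region?
 * Written so that a huge len or a high addr cannot wrap the arithmetic.
 * Stand-in for what a real Windows driver does with ProbeForRead /
 * ProbeForWrite plus bounding len by the IRP's declared buffer sizes. */
static int in_user_range(uint64_t addr, uint64_t len)
{
    uint64_t base = (uint64_t)(uintptr_t)g_user_mem;
    if (len > UMEM_SIZE) return 0;               /* too long for the region */
    if (addr < base) return 0;                   /* starts below the region */
    if (addr - base > UMEM_SIZE - len) return 0; /* would run past the end */
    return 1;
}

/* VULNERABLE (deliberately): the pattern the advisory describes. The
 * request's pointers and length feed memmove with no validation at all,
 * so a user-mode caller can aim the write at kernel memory. */
void handle_xfer_vulnerable(const struct xfer_req *req)
{
    memmove((void *)(uintptr_t)req->dst, (const void *)(uintptr_t)req->src,
            (size_t)req->length);
}

/* HARDENED: validate before copying. Returns 0 on success, -1 if refused.
 * Source and destination must both lie in the caller's region and the
 * length must fit; only then is the copy performed. */
int handle_xfer_hardened(const struct xfer_req *req)
{
    if (req->length == 0) return 0;                    /* nothing to do */
    if (!in_user_range(req->dst, req->length)) return -1;
    if (!in_user_range(req->src, req->length)) return -1;
    memmove((void *)(uintptr_t)req->dst, (const void *)(uintptr_t)req->src,
            (size_t)req->length);
    return 0;
}

/* Constructed attack request: dst aimed at the kernel region. */
static struct xfer_req kernel_dst_request(void)
{
    memset(g_kernel_mem, 0x00, sizeof g_kernel_mem);
    memset(g_user_mem, 0x41, sizeof g_user_mem);      /* attacker payload */
    struct xfer_req req = { (uint64_t)(uintptr_t)g_kernel_mem,
                            (uint64_t)(uintptr_t)g_user_mem, 16 };
    return req;
}

/* Returns 1 if the vulnerable path overwrote kernel memory with the payload. */
int demo_vulnerable_overwrites_kernel(void)
{
    struct xfer_req req = kernel_dst_request();
    handle_xfer_vulnerable(&req);
    return g_kernel_mem[0] == 0x41 && g_kernel_mem[15] == 0x41;
}

/* Same request against the hardened path: refused, kernel bytes untouched. */
int demo_hardened_rejects_kernel_dst(void)
{
    struct xfer_req req = kernel_dst_request();
    int rc = handle_xfer_hardened(&req);
    return rc == -1 && g_kernel_mem[0] == 0x00;
}

/* A legitimate copy within the caller's own buffer still works. */
int demo_hardened_allows_user_copy(void)
{
    memset(g_user_mem, 0x00, sizeof g_user_mem);
    memcpy(g_user_mem, "ABCD", 4);
    struct xfer_req req = { (uint64_t)(uintptr_t)(g_user_mem + 100),
                            (uint64_t)(uintptr_t)g_user_mem, 4 };
    int rc = handle_xfer_hardened(&req);
    return rc == 0 && memcmp(g_user_mem + 100, "ABCD", 4) == 0;
}

/* A length that would run past (or wrap around) the region is refused. */
int demo_hardened_rejects_length_wrap(void)
{
    struct xfer_req req = { (uint64_t)(uintptr_t)(g_user_mem + UMEM_SIZE - 1),
                            (uint64_t)(uintptr_t)g_user_mem, UINT64_MAX };
    return handle_xfer_hardened(&req) == -1;
}

int main(void)
{
    printf("vulnerable path writes kernel memory: %d\n", demo_vulnerable_overwrites_kernel());
    printf("hardened path rejects kernel dst:     %d\n", demo_hardened_rejects_kernel_dst());
    printf("hardened path allows user copy:       %d\n", demo_hardened_allows_user_copy());
    printf("hardened path rejects length wrap:    %d\n", demo_hardened_rejects_length_wrap());
    return 0;
}
```

Compile with any C compiler and run. The point to carry back to a real driver is that a user-supplied pointer must never be dereferenced by the kernel without ProbeForRead/ProbeForWrite (which reject kernel addresses) and a length must be bounded by the IRP's input/output buffer sizes before any memmove; an end-of-range check written as `offset > size - len` rather than `offset + len > size` is what keeps the length check from being bypassed by integer wrap.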
Paragon Software has released a security patch specifically addressing the biontdrv.sys driver in all Hard Disk Manager product line products, as detailed in their support article. The CERT/CC vulnerability note (VU#726882) provides additional guidance, and users should check Paragon's support page for available patches to mitigate the issue.
Details
- CWE(s)