CVE-2025-0289
Published: 03 March 2025
Summary
CVE-2025-0289 is a high-severity vulnerability of unspecified weakness type in Paragon Software's Paragon Backup & Recovery. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It is ranked at the 34.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly requires timely remediation of the specific pointer validation flaw in the biontdrv.sys driver via the vendor-released patch.
- SI-10 (Information Input Validation): Mandates validation of critical inputs, such as the MappedSystemVa pointer, before they are passed to kernel functions such as HalReturnToFirmware.
- Memory protection: Provides memory protection mechanisms that mitigate kernel compromise resulting from invalid pointer handling in drivers.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a local kernel driver vulnerability (biontdrv.sys) that fails to validate a pointer before use, enabling arbitrary kernel code execution from low-privileged local access and leading to full system compromise; this directly maps to exploitation for privilege escalation.
NVD Description
Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allow an attacker the ability to compromise the service.
Deeper analysis
CVE-2025-0289 is an insecure kernel resource access vulnerability affecting various Paragon Software products, particularly the biontdrv.sys driver in the Hard Disk Manager product line. The issue arises because the driver fails to validate the MappedSystemVa pointer before passing it to HalReturnToFirmware, enabling potential kernel-level compromise. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.
A local attacker with low privileges can exploit this vulnerability because it has low attack complexity and requires no user interaction. Successful exploitation allows the attacker to compromise the affected service, potentially leading to full system control through arbitrary kernel code execution or resource manipulation.
Paragon Software has released a security patch specifically addressing the biontdrv.sys driver vulnerability across all Hard Disk Manager products, as detailed in its support article. Additional guidance is available from the CERT/CC vulnerability note and Paragon's patches page; both recommend immediate application of the update to mitigate the issue.
Details
- CWE(s)