PT-2025-9249 · Paragon · Paragon Partition Manager
Published
2025-02-28
·
Updated
2026-04-14
·
CVE-2025-0287
CVSS v3.1
5.1
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Paragon Partition Manager version 7.9.1
Description
The issue is caused by a null pointer dereference vulnerability within biontdrv.sys, resulting from a lack of a valid MasterLrp structure in the input buffer. This allows an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.
Recommendations
For Paragon Partition Manager version 7.9.1, consider disabling the biontdrv.sys driver until a patch is available to prevent potential exploitation. Restrict access to the kernel to minimize the risk of arbitrary code execution. Avoid using the input buffer without a valid MasterLrp structure to mitigate the risk of null pointer dereference.
Fix
LPE
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Paragon Partition Manager