CVE-2025-0288

Name of the Vulnerable Software and Affected Versions Paragon Partition Manager version 7.9.1

Description The issue concerns an arbitrary kernel memory vulnerability facilitated by the memmove function, which does not validate or sanitize user-controlled input, allowing an attacker to write arbitrary kernel memory and perform privilege escalation. This vulnerability is exploited by ransomware operators to elevate privileges, execute arbitrary commands, and potentially seize control of entire systems. The affected driver is Biontdrv.sys, part of several Paragon products, including Hard Disk Manager and Partition Manager. The vulnerability enables attackers to escalate their privileges to system-level access, leaving users highly vulnerable to data breaches and loss.

Recommendations For Paragon Partition Manager version 7.9.1, update the Biontdrv.sys driver to version 2.0.0 to address the arbitrary kernel memory access issue. Ensure all impacted Paragon applications are updated to the latest versions or apply the respective patches. As a temporary workaround, consider restricting access to the Biontdrv.sys driver to minimize the risk of exploitation.