ГлавнаяУязвимости → CVE-2025-0288
7.8высокая

CVE-2025-0288

Описание

Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary kernel memory and perform privilege escalation.

Затрагиваемое ПО
Paragon-software Paragon backup \& recoveryParagon-software Paragon disk wiperParagon-software Paragon drive copyParagon-software Paragon hard disk managerParagon-software Paragon migrate os to ssdParagon-software Paragon partition manager
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-syshttps://www.kb.cert.org/vuls/id/726882https://www.paragon-software.com/support/#patches