MidnightBSD

Advisories for paragon-software

CVE-2025-0285

Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation exploits.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
paragon-software paragon_backup_&_recovery *
paragon-software paragon_hard_disk_manager *
paragon-software paragon_migrate_os_to_ssd *
paragon-software paragon_drive_copy *
paragon-software paragon_disk_wiper *
paragon-software paragon_partition_manager *
CVE-2025-0286

Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
paragon-software paragon_backup_&_recovery *
paragon-software paragon_hard_disk_manager *
paragon-software paragon_migrate_os_to_ssd *
paragon-software paragon_drive_copy *
paragon-software paragon_disk_wiper *
paragon-software paragon_partition_manager *
CVE-2025-0287

Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 2.5 2.5

Products Affected

Vendor Product Version
paragon-software paragon_backup_&_recovery *
paragon-software paragon_hard_disk_manager *
paragon-software paragon_migrate_os_to_ssd *
paragon-software paragon_drive_copy *
paragon-software paragon_disk_wiper *
paragon-software paragon_partition_manager *
CVE-2025-0288

Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary kernel memory and perform privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
paragon-software paragon_backup_&_recovery *
paragon-software paragon_hard_disk_manager *
paragon-software paragon_migrate_os_to_ssd *
paragon-software paragon_drive_copy *
paragon-software paragon_disk_wiper *
paragon-software paragon_partition_manager *
CVE-2025-0289

Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
paragon-software paragon_backup_&_recovery *
paragon-software paragon_hard_disk_manager *
paragon-software paragon_migrate_os_to_ssd *
paragon-software paragon_drive_copy *
paragon-software paragon_disk_wiper *
paragon-software paragon_partition_manager *