CVE-2025-0288

7.8 HIGH

📋 TL;DR

This vulnerability in Paragon Software's Hard Disk Manager product line allows a local attacker to write arbitrary kernel memory through the biontdrv.sys kernel driver that the products install. Successful exploitation escalates privileges from an ordinary user account to kernel mode (SYSTEM). Any Windows system with a vulnerable version of the driver installed is exposed to every local user.

💻 Affected Systems

Products:
  • Paragon Hard Disk Manager
  • Paragon Backup & Recovery
  • Paragon Partition Manager
  • Other Paragon disk management products
Versions: All versions prior to security patch
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to system; affects all Windows versions supported by Paragon products

📦 What is this software?

Paragon Hard Disk Manager and its sibling products (Backup & Recovery, Partition Manager and other Paragon disk tools) are Windows disk-management, partitioning and imaging suites. They install biontdrv.sys, a kernel-mode driver that performs low-level disk operations on behalf of the user-mode application; that driver is the vulnerable component.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with kernel-level access, enabling persistent backdoors, data theft, and disabling of security controls.

🟠

Likely Case

Local privilege escalation allowing attackers to gain SYSTEM/root privileges on compromised machines.

🟢

If Mitigated

Limited impact if the patched driver is deployed and known-vulnerable versions are blocked by the Microsoft Vulnerable Driver Blocklist (enforced through WDAC/HVCI). Note that ordinary driver signature enforcement does not help on its own: biontdrv.sys is a validly signed driver, so Windows loads it without complaint.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local code execution as any user and the ability to open a handle to the driver's device object; turning an arbitrary kernel write into a stable SYSTEM shell takes some kernel-exploitation skill, but the driver is signed and loads normally, so no bypass of signature enforcement is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest security update from Paragon

Vendor Advisory: https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys

Restart Required: Yes

Instructions:

1. Visit the Paragon support page linked above.
2. Download the latest security patch for your product.
3. Install the patch.
4. Restart the system so the updated driver is loaded.
5. Verify that the biontdrv.sys file version matches the patched version listed in the advisory.

🔧 Temporary Workarounds

Disable or remove vulnerable driver

windows

Remove or disable the biontdrv.sys driver so that unprivileged users can no longer reach it. This breaks the Paragon products that depend on the driver. Run the commands from an elevated prompt; "biontdrv" is the default service name and can be confirmed with `sc query type= driver`. If `sc stop` fails because the driver is in use, delete the service and reboot.

sc stop biontdrv
sc delete biontdrv

Then delete biontdrv.sys from %SystemRoot%\System32\drivers and restart the system.

Enable driver signature enforcement

windows

The two commands below only ensure that test-signing mode and the legacy integrity-check bypass are not left enabled; they do not block biontdrv.sys, which carries a valid signature and loads under normal enforcement. To block known-vulnerable signed drivers, enable the Microsoft Vulnerable Driver Blocklist (applied as a WDAC policy, and on by default where HVCI is enabled) and confirm it covers the vulnerable biontdrv.sys versions.

bcdedit /set testsigning off
bcdedit /set nointegritychecks off

🧯 If You Can't Patch

  • Restrict local access to vulnerable systems and implement strict privilege separation; the vulnerability is only reachable by code already running on the host
  • Deploy endpoint detection that alerts on biontdrv.sys being installed or loaded, especially on hosts where no Paragon product is deployed

🔍 How to Verify

Check if Vulnerable:

Check if biontdrv.sys driver exists in System32\drivers and verify version against patched releases

Check Version:

powershell

Get-Item C:\Windows\System32\drivers\biontdrv.sys | Select-Object -ExpandProperty VersionInfo

Verify Fix Applied:

Verify biontdrv.sys file version matches patched version from Paragon advisory
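The following PowerShell check is an added example and not part of the Paragon advisory or any Paragon tooling. It reports whether biontdrv.sys is present, its numeric file version, signer, signature status and SHA-256, and whether the kernel service is registered or running. It assumes the default driver path and the service name "biontdrv"; the patched version number is a placeholder that must be replaced with the value from the vendor advisory.

```powershell
# Added example (not from the Paragon advisory). Run from an elevated PowerShell prompt.
# ASSUMPTIONS: default driver path and service name; $PatchedVersion is a placeholder.
$DriverPath     = 'C:\Windows\System32\drivers\biontdrv.sys'
$ServiceName    = 'biontdrv'
$PatchedVersion = [version]'0.0.0.0'   # placeholder: set to the fixed version from the Paragon advisory

function Get-BiontdrvStatus {
    param(
        [string]$Path    = $DriverPath,
        [string]$Service = $ServiceName,
        [version]$Fixed  = $PatchedVersion
    )

    $result = [ordered]@{
        Present         = $false
        Path            = $Path
        FileVersion     = $null
        Signer          = $null
        SignatureStatus = $null
        Sha256          = $null
        ServiceState    = 'not registered'
        Verdict         = 'driver not installed'
    }

    if (Test-Path -LiteralPath $Path) {
        $result.Present = $true
        $vi = (Get-Item -LiteralPath $Path).VersionInfo
        # Build a comparable [version] from the numeric parts; FileVersion strings may carry extra text.
        $result.FileVersion = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)

        # The driver is expected to be validly signed; a bad signature is a separate problem worth noting.
        $sig = Get-AuthenticodeSignature -FilePath $Path
        $result.Signer          = $sig.SignerCertificate.Subject
        $result.SignatureStatus = $sig.Status

        # Hash for ticketing / matching against your vulnerable-driver blocklist.
        $result.Sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

        if ($Fixed -eq [version]'0.0.0.0') {
            $result.Verdict = 'unknown: set $PatchedVersion from the vendor advisory'
        } elseif ($result.FileVersion -lt $Fixed) {
            $result.Verdict = 'VULNERABLE: older than patched version'
        } else {
            $result.Verdict = 'patched or newer'
        }
    }

    # Registered kernel services show up in Win32_SystemDriver with State (Running/Stopped) and StartMode.
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$Service'" -ErrorAction SilentlyContinue
    if ($drv) {
        $result.ServiceState = "$($drv.State) (start mode: $($drv.StartMode), image: $($drv.PathName))"
    }

    return [pscustomobject]$result
}

Get-BiontdrvStatus | Format-List
```

A registered service whose image file is missing, or a file that exists without a service, are both worth a second look: the first is left over from an incomplete removal, the second means a copy of the driver is on disk that an attacker with admin rights could register later.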

📡 Detection & Monitoring

Log Indicators:

  • System log Event ID 7045 (Service Control Manager): a new service named biontdrv, or any service whose ImagePath ends in biontdrv.sys, on a host where no Paragon product is expected
  • Driver load events: Sysmon Event ID 6 (Driver loaded) with ImageLoaded pointing at biontdrv.sys
  • Kernel memory writes are not logged directly; look for their downstream effects, such as a SYSTEM process spawned by an unprivileged user's session shortly after the driver was opened, or security tooling stopping unexpectedly

Network Indicators:

  • None - local exploitation only

SIEM Query:

source="windows" ((event_id=7045 AND (service_name="biontdrv" OR image_path="*biontdrv.sys")) OR (event_id=6 AND image_loaded="*biontdrv.sys"))

Field names (service_name, image_path, image_loaded) depend on how your SIEM normalizes Windows and Sysmon events; adjust to your schema.
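The hunt described by the log indicators and SIEM query, run directly against a host's event logs with PowerShell. This is an added example, not code from the original page or from Paragon or Microsoft. It assumes Sysmon is installed with its default channel name and that the service or image name contains "biontdrv"; the 7045 record used to exercise the parser is constructed, not a real capture.

```powershell
# Added example (not part of the original page). Run elevated to read the Sysmon channel.
# Looks for (a) biontdrv service installs in the System log (Event ID 7045) and
# (b) biontdrv.sys driver loads recorded by Sysmon (Event ID 6).

function ConvertFrom-EventDataXml {
    # Turn an event's XML into a hashtable of its <Data Name="..."> fields plus time and host.
    param([Parameter(Mandatory)][string]$EventXml)
    $doc = [xml]$EventXml
    $fields = @{}
    foreach ($d in $doc.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    $fields['TimeCreated'] = $doc.Event.System.TimeCreated.SystemTime
    $fields['Computer']    = $doc.Event.System.Computer
    return $fields
}

function Find-BiontdrvEvents {
    param([datetime]$Since = (Get-Date).AddDays(-30))
    $hits = @()

    # (a) Service Control Manager: a new kernel service pointing at biontdrv.sys.
    $installs = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $Since } -ErrorAction SilentlyContinue
    foreach ($e in $installs) {
        $f = ConvertFrom-EventDataXml $e.ToXml()
        if ($f.ServiceName -match 'biontdrv' -or $f.ImagePath -match 'biontdrv\.sys') {
            $hits += [pscustomobject]@{
                Source = 'System/7045'; Time = $f.TimeCreated; Host = $f.Computer
                Name = $f.ServiceName; Image = $f.ImagePath; Installer = $f.AccountName
                Signer = $null; Hashes = $null
            }
        }
    }

    # (b) Sysmon Event 6 (Driver loaded): carries image path, hashes and signature details.
    $loads = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 6; StartTime = $Since } -ErrorAction SilentlyContinue
    foreach ($e in $loads) {
        $f = ConvertFrom-EventDataXml $e.ToXml()
        if ($f.ImageLoaded -match 'biontdrv\.sys') {
            $hits += [pscustomobject]@{
                Source = 'Sysmon/6'; Time = $f.TimeCreated; Host = $f.Computer
                Name = $null; Image = $f.ImageLoaded; Installer = $null
                Signer = $f.Signature; Hashes = $f.Hashes
            }
        }
    }
    return $hits
}

# Constructed sample 7045 record (not a real capture) so the parser can be exercised offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Service Control Manager"/><EventID Qualifiers="16384">7045</EventID>
    <TimeCreated SystemTime="2025-03-01T10:15:00.000Z"/><Computer>WKS01</Computer></System>
  <EventData><Data Name="ServiceName">biontdrv</Data>
    <Data Name="ImagePath">\??\C:\Windows\System32\drivers\biontdrv.sys</Data>
    <Data Name="ServiceType">kernel mode driver</Data><Data Name="StartType">demand start</Data>
    <Data Name="AccountName">WKS01\alice</Data></EventData>
</Event>
'@
$parsed = ConvertFrom-EventDataXml $sample
"Sample parse: service=$($parsed.ServiceName) image=$($parsed.ImagePath) installer=$($parsed.AccountName)"

# Live hunt against this host's logs.
Find-BiontdrvEvents | Format-Table -AutoSize
```

The strongest signal is a 7045 for biontdrv on a host where Paragon software was never deployed: an attacker who brings the signed driver along has to register it, and that registration is logged with the installing account. On hosts that legitimately run Paragon products, compare the Sysmon hashes against the version you verified as patched rather than alerting on every load.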
