CVE-2025-0287
MEDIUMCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
2Tags
Description
Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.
Analysis
Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation. Affected products include: Paragon-Software Paragon Backup \& Recovery, Paragon-Software Paragon Disk Wiper, Paragon-Software Paragon Drive Copy, Paragon-Software Paragon Hard Disk Manager, Paragon-Software Paragon Migrate Os To Ssd.
Affected Products
Paragon-Software Paragon Backup \& Recovery, Paragon-Software Paragon Disk Wiper, Paragon-Software Paragon Drive Copy, Paragon-Software Paragon Hard Disk Manager, Paragon-Software Paragon Migrate Os To Ssd.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today