CVE-2025-0285
published 2025-03-03

Priority: P1 · 85 · high · 7.8 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
Tags: ITW · VulnCheck KEV · Ransomware
Exploited in the wild
EPSS: 0.31% (22.7th percentile)

Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation exploits.

Affected

12 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paragon-software | paragon_backup_recovery | 15 – 17.39 | |
| paragon-software | paragon_disk_wiper | 15 – 16 | |
| paragon-software | paragon_drive_copy | 15 – 16 | |
| paragon-software | paragon_hard_disk_manager | 15 – 17.39 | |
| paragon-software | paragon_migrate_os_to_ssd | 4 – 5 | |
| paragon-software | paragon_partition_manager | 15 – 17.39 | |
| paragon_software | backup_and_recovery | 15 – 17.39 | |
| paragon_software | disk_wiper | 15 – 16 | |
| paragon_software | hard_disk_manager | 15 – 17.39 | |
| paragon_software | migrate_os_to_ssd | 4 – 5 | |
| paragon_software | paragon_drive_copy | 15 – 16 | |
| paragon_software | partition_manager | 15 – 17.39 | |

Detection & IOCs (extracted from sources)

filename: biontdrv.sys
  • CVE-2025-0285 is actively exploited in BYOVD (Bring Your Own Vulnerable Driver) attacks by ransomware gangs to gain Windows SYSTEM privileges via the vulnerable biontdrv.sys driver.
  • CVE-2025-0285 is one of five related vulnerabilities in Paragon Partition Manager (CVE-2025-0285 through CVE-2025-0289); detection logic should cover all five CVEs as they share the same vulnerable driver (biontdrv.sys) and attack vector.

CVSS provenance

nvd: v3.1 · 7.8 · HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck: 7.8 · HIGH