Paragon Software Backup And Recovery vulnerabilities
5 known vulnerabilities affecting paragon_software/backup_and_recovery.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
5
Severity breakdown
HIGH4MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-0288P1HIGHCVSS 7.8ExploitedPoCRansomware≥ 15, ≤ 17.392025-03-03
CVE-2025-0288 [HIGH] CVE-2025-0288: Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.s
Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary kernel memory and perform privilege escalation.
nvd
CVE-2025-0285P1HIGHCVSS 7.8ExploitedRansomware≥ 15, ≤ 17.392025-03-03
CVE-2025-0285 [HIGH] CWE-1284 CVE-2025-0285: Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within bi
Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation exploits.
nvd
CVE-2025-0286P1HIGHCVSS 8.4ExploitedRansomware≥ 15, ≤ 17.392025-03-03
CVE-2025-0286 [HIGH] CWE-1284 CVE-2025-0286: Various Paragon Software products contain an arbitrary kernel memory write vulnerability within bion
Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine.
nvd
CVE-2025-0289P1HIGHCVSS 7.8ExploitedRansomware≥ 15, ≤ 17.392025-03-03
CVE-2025-0289 [HIGH] CVE-2025-0289: Various Paragon Software products contain an insecure kernel resource access vulnerability facilitat
Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service.
nvd
CVE-2025-0287P1MEDIUMCVSS 5.1ExploitedRansomware≥ 15, ≤ 17.392025-03-03
CVE-2025-0287 [MEDIUM] CWE-476 CVE-2025-0287: Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.s
Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.
nvd