CVE-2025-0288
Published: 03 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-0288 is an arbitrary kernel memory write vulnerability in the biontdrv.sys driver, affecting various Paragon Software products, particularly those in the Hard Disk Manager product line. The flaw arises because the driver's memmove operation acts on user-controlled input without validating or sanitizing it, enabling attackers to overwrite kernel memory. Published on March 3, 2025, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction. Successful exploitation allows arbitrary kernel memory writes, facilitating privilege escalation to kernel-level access and potential full system compromise.
Paragon Software has released a security patch specifically addressing the biontdrv.sys driver across all products in the Hard Disk Manager product line, as detailed in their support article. The CERT/CC vulnerability note (VU#726882) provides additional guidance, and users should check Paragon's support page for available patches to mitigate the issue.
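The bug class described above, shown as an added user-space model that is not Paragon's driver code: a copy routine that trusts a caller-supplied destination and length, next to a version that validates both before calling memmove. The request layout, the 64-byte pool and all function names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 64u

/* Constructed request layout (hypothetical, not the driver's real format). */
struct copy_req {
    size_t dst_off;            /* caller-chosen destination offset */
    size_t len;                /* caller-chosen byte count */
    const unsigned char *src;  /* caller-supplied data */
};

/* Stand-in for driver-owned memory, followed by a canary. */
struct model {
    unsigned char pool[POOL_SIZE];
    unsigned char canary[8];
};

/* Unsafe pattern: destination and length are trusted as given, so the
 * caller decides where the write lands. Shown for contrast only. */
int copy_unchecked(struct model *m, const struct copy_req *r)
{
    memmove(m->pool + r->dst_off, r->src, r->len);
    return 0;
}

/* Hardened pattern: reject any request that does not fit inside the pool.
 * Comparing len against the remaining space avoids overflow in dst_off + len. */
int copy_checked(struct model *m, const struct copy_req *r)
{
    if (r->src == NULL || r->len == 0)
        return -1;
    if (r->dst_off > POOL_SIZE || r->len > POOL_SIZE - r->dst_off)
        return -1;
    memmove(m->pool + r->dst_off, r->src, r->len);
    return 0;
}

int main(void)
{
    struct model m = {{0}, {0}};
    unsigned char data[16] = {0};
    struct copy_req reqs[] = { {8, 16, data}, {56, 16, data}, {1, SIZE_MAX, data} };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("request %zu -> %d\n", i, copy_checked(&m, &reqs[i]));
    return 0;
}
```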
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Arbitrary kernel memory write in a driver directly enables local privilege escalation to kernel-level access.