CVE-2025-0289
Published: 03 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-0289 is an insecure kernel resource access vulnerability affecting various Paragon Software products, particularly the biontdrv.sys driver in the Hard Disk Manager product line. The issue arises because the driver fails to validate the MappedSystemVa pointer before passing it to HalReturnToFirmware, enabling potential kernel-level compromise. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.
A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Successful exploitation allows the attacker to compromise the affected service, potentially leading to full system control through arbitrary kernel code execution or resource manipulation.
Paragon Software has released a security patch specifically addressing the biontdrv.sys driver vulnerability across all Hard Disk Manager products, as detailed in their support article. Additional guidance is available from the CERT/CC vulnerability note and Paragon's patches page, recommending immediate application of the update to mitigate the issue.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a local kernel driver vulnerability (biontdrv.sys) that fails to validate a pointer before use, enabling arbitrary kernel code execution from low-privileged local access and leading to full system compromise; this directly maps to exploitation for privilege escalation.