Five critical memory-safety vulnerabilities have been disclosed in BioNTdrv.sys, the kernel driver shipped with Paragon Partition Manager. They allow a local attacker to escalate privileges to kernel level and to cause denial-of-service conditions on affected Windows systems. The flaws, present in driver versions prior to 2.0.0, were officially disclosed on February 28, 2025, by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University, following reports from Microsoft that the driver was being actively exploited in ransomware campaigns.

The five issues have been assigned the identifiers CVE-2025-0285, CVE-2025-0286, CVE-2025-0287, CVE-2025-0288 and CVE-2025-0289. Together they cover an arbitrary kernel memory mapping vulnerability, an arbitrary kernel memory write vulnerability, a null pointer dereference, insecure kernel resource access, and an arbitrary memory move vulnerability.

Two of them illustrate the bug classes involved. CVE-2025-0286 is an arbitrary kernel memory write in driver version 7.9.1, caused by improper validation of user-supplied data lengths; because the driver trusts a length it receives from user mode, an attacker can write to arbitrary locations in kernel memory and potentially compromise the entire system. CVE-2025-0289 is an insecure kernel resource access in driver version 17: the driver fails to validate the MappedSystemVa pointer before passing it to HalReturnToFirmware, which lets an attacker compromise the affected service.

CERT/CC noted that the most concerning aspect of these vulnerabilities is that they can be exploited even when Paragon Partition Manager is not installed on the target system. In a Bring Your Own Vulnerable Driver (BYOVD) attack, an adversary who already has administrative rights drops a copy of the vulnerable, validly signed driver onto the host, loads it, and then uses its flaws to run code in the kernel, for example to disable security tooling. The driver's presence in Paragon's product is therefore irrelevant to the risk; what matters is whether the operating system will still load the old driver versions.

Paragon Software has responded by releasing BioNTdrv.sys version 2.0.0, which addresses all five vulnerabilities. Updating the product is necessary but not sufficient, because a BYOVD attacker brings the old driver with them. Security administrators should therefore prioritize applying the driver blocklist (Microsoft's vulnerable driver blocklist, which is enforced through Hypervisor-protected Code Integrity / Memory Integrity) across their environments, and implement endpoint monitoring that detects attempts to install or load the vulnerable driver versions.
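The checks an administrator would actually run on a Windows host follow from the advice above. The script below is an added example written for this page; it is not code from the article, CERT/CC, Microsoft or Paragon. It assumes an elevated PowerShell 5.1 or later session and, optionally, Sysmon. The registry value and event IDs are Microsoft's documented ones; the file version threshold (2.0.0) is the one the article gives. The article does not publish file hashes for the vulnerable builds, so none are hard-coded here; the script reports the SHA-256 so it can be compared against a blocklist rule.

```powershell
# Added example (not from the article, CERT/CC, Microsoft or Paragon).
# Checks one Windows host for exposure to the BioNTdrv.sys issues:
#   1. is a copy of the driver on disk, and is it older than the fixed 2.0.0?
#   2. is a kernel driver service registered or running that points at it?
#   3. is HVCI / Microsoft's vulnerable driver blocklist enforced (the BYOVD control)?
#   4. is there event-log evidence of the driver being installed or loaded?
# Assumes an elevated PowerShell 5.1+ session. Sysmon is optional.

$DriverName   = 'BioNTdrv.sys'
$FixedVersion = [version]'2.0.0.0'          # article: fixed in driver version 2.0.0
$Findings     = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Check, [string]$Status, [string]$Detail) {
    $Findings.Add([pscustomobject]@{ Check = $Check; Status = $Status; Detail = $Detail })
}

# 1. Driver files on disk: file version and SHA-256 (a blocklist rule keys on the hash).
$searchRoots = @("$env:SystemRoot\System32\drivers",
                 "$env:SystemRoot\System32\DriverStore\FileRepository")
$copies = Get-ChildItem -Path $searchRoots -Filter $DriverName -Recurse -File -ErrorAction SilentlyContinue
if (-not $copies) {
    Add-Finding 'Driver on disk' 'INFO' "$DriverName not found under System32 (a BYOVD drop can live anywhere)"
}
foreach ($f in $copies) {
    $vi     = $f.VersionInfo
    $ver    = New-Object System.Version($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    $sha    = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    $status = if ($ver -lt $FixedVersion) { 'VULNERABLE' } else { 'OK' }
    Add-Finding 'Driver on disk' $status "$($f.FullName) version=$ver sha256=$sha"
}

# 2. Kernel driver services whose image path references the driver, whatever the service name.
Get-CimInstance Win32_SystemDriver -ErrorAction SilentlyContinue |
    Where-Object { $_.PathName -match [regex]::Escape($DriverName) } |
    ForEach-Object {
        $status = if ($_.State -eq 'Running') { 'LOADED' } else { 'REGISTERED' }
        Add-Finding 'Driver service' $status "$($_.Name) state=$($_.State) path=$($_.PathName)"
    }

# 3. Blocklist enforcement. Win32_DeviceGuard.SecurityServicesRunning contains 2 when HVCI
#    (Memory Integrity) is running, which enforces Microsoft's vulnerable driver blocklist.
#    The CI\Config value VulnerableDriverBlocklistEnable=1 turns the blocklist on where it
#    is not already on by default.
$dg   = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$hvci = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 2)
Add-Finding 'HVCI (Memory Integrity)' $(if ($hvci) { 'OK' } else { 'MISSING' }) "SecurityServicesRunning=$($dg.SecurityServicesRunning -join ',')"

$ci        = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' -ErrorAction SilentlyContinue
$blEnabled = ($null -ne $ci) -and ($ci.VulnerableDriverBlocklistEnable -eq 1)
Add-Finding 'Vulnerable driver blocklist' $(if ($blEnabled) { 'OK' } else { 'NOT SET' }) "VulnerableDriverBlocklistEnable=$($ci.VulnerableDriverBlocklistEnable)"

# 4. Evidence of installation or loading: Service Control Manager event 7045 ("a service
#    was installed") in the System log, and Sysmon event 6 (DriverLoad) if Sysmon is present.
$queries = @(
    @{ Label = 'SCM 7045 service install'; Filter = @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7045 } },
    @{ Label = 'Sysmon 6 driver load';      Filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 6 } }
)
foreach ($q in $queries) {
    $events = Get-WinEvent -FilterHashtable $q.Filter -ErrorAction SilentlyContinue |
              Where-Object { $_.Message -match [regex]::Escape($DriverName) }
    foreach ($e in $events) {
        $firstLine = ($e.Message -split "`r?`n")[0]
        Add-Finding $q.Label 'REVIEW' "$($e.TimeCreated) $firstLine"
    }
}

$Findings | Format-Table -AutoSize -Wrap
```

Two caveats when reading the output. Steps 1, 2 and 4 match on the file name, and a BYOVD attacker is free to rename the dropped driver file; its signature and hash do not change, which is why the blocklist and HVCI checks in step 3 are the ones that actually close the exposure. A 'VULNERABLE' copy sitting in the DriverStore with no service and no load events is a patching item, not an incident; a load event for an old version on a host where Paragon Partition Manager was never installed is the BYOVD pattern the article describes and should go to incident response.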
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 03 Mar 2025 19:35:26 +0000