汇总 paragon-software 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 输入验证问题与内存损坏 等问题,部分漏洞可能导致 异常行为,并影响 生产负载与软件部署 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-0289 | Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service. | [email protected] | 7.8 | 0.31% | 2025-03-03 | 2026-06-17 |
| CVE-2025-0288 | Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary kernel memory and perform privilege escalation. | [email protected] | 7.8 | 0.46% | 2025-03-03 | 2026-06-17 |
| CVE-2025-0287 | Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation. | [email protected] | 5.1 | 0.34% | 2025-03-03 | 2026-06-17 |
| CVE-2025-0286 | Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine. | [email protected] | 8.4 | 0.36% | 2025-03-03 | 2026-06-17 |
| CVE-2025-0285 | Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation exploits. | [email protected] | 7.8 | 0.31% | 2025-03-03 | 2026-06-17 |