CVE-2025-0286
BioNTdrv.sys — arbitrary kernel memory write allows elevation of privilege
Summary
| Field | Value |
|---|---|
| Driver | BioNTdrv.sys (Paragon Partition Manager) |
| Vulnerability Class | Arbitrary Kernel Write |
| Exploited ITW | No |
| Vendor | Paragon Software |
Root Cause
The Paragon Partition Manager driver exposes an IOCTL that writes to arbitrary kernel memory addresses without validation. This is one of five vulnerabilities in BioNTdrv.sys, alongside CVE-2025-0285, CVE-2025-0287, CVE-2025-0288 and CVE-2025-0289.
Exploitation
The attacker opens the BioNTdrv device and sends write IOCTLs targeting kernel memory. Direct kernel write provides a complete privilege escalation primitive.
Exploitation Primitive
Open device handle → write IOCTL → arbitrary kernel memory write → SYSTEM
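
Because the chain above starts from an open handle to the BioNTdrv device, the driver has to be loaded on the host, which makes driver-load telemetry a natural place to look. The following is an added example, not part of the original advisory or any vendor code: it scans Sysmon Event ID 6 (driver loaded) records for BioNTdrv.sys. The sample events, host names and hash values are constructed placeholders, and the helper names are hypothetical.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TARGET = "biontdrv.sys"  # driver named in this advisory, compared case-insensitively

def _event(event_id, computer, data):
    """Build a constructed Sysmon-style event XML string (sample data only)."""
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<Computer>{computer}</Computer></System><EventData>{body}</EventData></Event>')

# Constructed sample events, not real telemetry; hashes are placeholders.
SAMPLE_EVENTS = [
    _event(6, "ws01.example.test", {"ImageLoaded": r"C:\Windows\System32\drivers\BioNTdrv.sys",
                                    "Hashes": "SHA256=PLACEHOLDER", "SignatureStatus": "Valid"}),
    _event(6, "ws02.example.test", {"ImageLoaded": r"C:\Users\Public\biontdrv.sys",
                                    "Hashes": "SHA256=PLACEHOLDER", "SignatureStatus": "Valid"}),
    _event(6, "ws02.example.test", {"ImageLoaded": r"C:\Windows\System32\drivers\ntfs.sys",
                                    "Hashes": "SHA256=PLACEHOLDER", "SignatureStatus": "Valid"}),
    _event(1, "ws01.example.test", {"Image": r"C:\Tools\BioNTdrv.sys.exe"}),  # not a driver load
]

def parse_driver_load(xml_text):
    """Return the fields of a Sysmon Event ID 6 (driver loaded) record, else None."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "6":
        return None
    fields = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    fields["Computer"] = root.findtext("e:System/e:Computer", default="", namespaces=NS)
    return fields

def find_biontdrv_loads(events):
    """List (host, path, signature status) for every load of the BioNTdrv.sys driver."""
    hits = []
    for xml_text in events:
        fields = parse_driver_load(xml_text)
        if fields is None:
            continue
        path = fields.get("ImageLoaded", "")
        # ntpath handles Windows separators on any OS; match on the file name only.
        if ntpath.basename(path).lower() == TARGET:
            hits.append((fields["Computer"], path, fields.get("SignatureStatus", "")))
    return hits

if __name__ == "__main__":
    for host, path, status in find_biontdrv_loads(SAMPLE_EVENTS):
        print(f"{host}: {path} (signature: {status})")
```

Matching on file name alone will miss a renamed copy of the driver; the `Hashes` field carried in the same event is the stronger key once a known hash is available from a trusted source.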