CVE-2025-62691_CVE-2025-62691

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege.

AI Analysis

Stack-based buffer overflow vulnerability in Security Point (Windows) of MaLion and MaLionCloud, allowing arbitrary code execution with SYSTEM privilege via a specially crafted HTTP request.

Basic Information

ID CVE-2025-62691

Source jpcert

Published Nov 25, 2025 at 07:21

Affected Product

Vendor Intercom, Inc.

Product Security Point (Windows) of MaLion

Version prior to Ver.7.1.1.9

Affected Versions Intercom, Inc. Security Point (Windows) of MaLion prior to Ver.7.1.1.9
Intercom, Inc. Security Point (Windows) of MaLionCloud prior to Ver.7.2.0.1

CWE Classification

CWE-121

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Intercom, Inc.

Product Security Point (Windows) of MaLion and MaLionCloud

Version prior to Ver.7.1.1.9, prior to Ver.7.2.0.1

References

{
    "lastseen": "",
    "description": "Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege.",
    "published": "2025-11-25T07:21:02.412Z",
    "modified": "2025-11-25T07:21:02.412Z",
    "type": "cve",
    "title": "CVE-2025-62691",
    "source": "jpcert",
    "references": "https://www.intercom.co.jp/information/2025/1125.html\nhttps://jvn.jp/en/jp/JVN76298784/",
    "id": "CVE-2025-62691",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121"
    ],
    "cvelist": null,
    "sourceData": "Intercom, Inc. Security Point (Windows) of MaLion prior to Ver.7.1.1.9\nIntercom, Inc. Security Point (Windows) of MaLionCloud prior to Ver.7.2.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Security Point (Windows) of MaLion",
    "version": "prior to Ver.7.1.1.9",
    "vendor": "Intercom, Inc.",
    "ai_description": "Stack-based buffer overflow vulnerability in Security Point (Windows) of MaLion and MaLionCloud, allowing arbitrary code execution with SYSTEM privilege via a specially crafted HTTP request.",
    "ai_severity": "Critical",
    "ai_vendor": "Intercom, Inc.",
    "ai_product": "Security Point (Windows) of MaLion and MaLionCloud",
    "ai_version": "prior to Ver.7.1.1.9, prior to Ver.7.2.0.1",
    "ai_score": 9.3
}