CVE-2025-64693_CVE-2025-64693

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege.

AI Analysis

Heap-based buffer overflow vulnerability in Security Point (Windows) of MaLion and MaLionCloud, allowing arbitrary code execution with SYSTEM privilege.

Basic Information

ID CVE-2025-64693

Source jpcert

Published Nov 25, 2025 at 07:21

Affected Product

Vendor Intercom, Inc.

Product Security Point (Windows) of MaLion

Version prior to Ver.7.1.1.9

Affected Versions Intercom, Inc. Security Point (Windows) of MaLion prior to Ver.7.1.1.9
Intercom, Inc. Security Point (Windows) of MaLionCloud prior to Ver.7.2.0.1

CWE Classification

CWE-122

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Intercom, Inc.

Product Security Point (Windows) of MaLion and MaLionCloud

Version prior to Ver.7.1.1.9, prior to Ver.7.2.0.1

References

{
    "lastseen": "",
    "description": "Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege.",
    "published": "2025-11-25T07:21:10.593Z",
    "modified": "2025-11-25T07:21:10.593Z",
    "type": "cve",
    "title": "CVE-2025-64693",
    "source": "jpcert",
    "references": "https://www.intercom.co.jp/information/2025/1125.html\nhttps://jvn.jp/en/jp/JVN76298784/",
    "id": "CVE-2025-64693",
    "bulletinFamily": "",
    "cwe": [
        "CWE-122"
    ],
    "cvelist": null,
    "sourceData": "Intercom, Inc. Security Point (Windows) of MaLion prior to Ver.7.1.1.9\nIntercom, Inc. Security Point (Windows) of MaLionCloud prior to Ver.7.2.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Security Point (Windows) of MaLion",
    "version": "prior to Ver.7.1.1.9",
    "vendor": "Intercom, Inc.",
    "ai_description": "Heap-based buffer overflow vulnerability in Security Point (Windows) of MaLion and MaLionCloud, allowing arbitrary code execution with SYSTEM privilege.",
    "ai_severity": "Critical",
    "ai_vendor": "Intercom, Inc.",
    "ai_product": "Security Point (Windows) of MaLion and MaLionCloud",
    "ai_version": "prior to Ver.7.1.1.9, prior to Ver.7.2.0.1",
    "ai_score": 9.3
}