CVE-2025-64693
Received
Published: 25 Nov 2025, 08:15
Last modified: 25 Nov 2025, 08:15
Vulnerability Summary
Overall Risk: Medium Risk, 39/100
CVSS Score: 9.8 CRITICAL, CVSS v3.0 (VULTURES)
EPSS Score: 0.23% INFO, 0% probability
CISA KEV: Not listed
Ransomware: No reports
Exploits: None found
Dark Web: Not detected
Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege.
Source Identifier: vultures@jpcert.or.jp
| CVSS | Source | Severity | Exploit. | Impact | Vector |
|---|---|---|---|---|---|
| v4.0 | vultures@jpcert.or.jp | 9.3 CRITICAL | NA | NA | CVSS:4.0/AV:N/AC:L/AT:N/P... |
| v3.1 | n/a | | | | |
| v3.0 | vultures@jpcert.or.jp | 9.8 CRITICAL | 3.9 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/U... |
| v2.0 | n/a | | | | |
EPSS Current Score: 0.23%
EPSS Percentile Rank: 45%ile
CWE-122: Heap-based Buffer Overflow
Description: A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Not listed in CISA Known Exploited Vulnerabilities catalog.
No dark web activity detected for this vulnerability.
No known public exploit code indexed (as of 25 Nov 2025, 08:15).
Exploitation status can change quickly once PoC code appears.
No affected systems information available.
| URL | Tags | Source |
|---|---|---|
| https://jvn.jp/en/jp/JVN76298784/ | - | vultures@jpcert.or.jp |
| https://www.intercom.co.jp/information/2025/1125.html | - | vultures@jpcert.or.jp |