CVE-2025-62691
📋 TL;DR
This critical vulnerability in MaLion and MaLionCloud Security Point for Windows allows remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges by sending specially crafted HTTP requests. The stack-based buffer overflow in HTTP header processing affects all systems running vulnerable versions of these security products. Attackers can completely compromise affected systems without any authentication.
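The page only says that the bug is a stack-based overflow in HTTP header processing; MaLion's parsing code, buffer sizes and the header involved are not published here. The C below is an added, hypothetical illustration of that bug class and its fix, not the vendor's code: a header line is split into name and value, the vulnerable variant copies the value into a fixed stack buffer with no bound, and the hardened variant checks every length against its destination before writing and refuses over-long input. The header names, buffer sizes and wrapper function names are assumptions for the example.

```c
#include <stdlib.h>
#include <string.h>

/* Illustration-only sizes. MaLion's real buffer sizes are not known from
 * this page; these stand in for "a fixed-size buffer on the stack". */
#define NAME_BUF  32
#define VALUE_BUF 64

struct header {
    char name[NAME_BUF];
    char value[VALUE_BUF];
};

/* VULNERABLE pattern (hypothetical). Both copies are unbounded, so a line
 * such as "X-Foo: AAAA...(2000 bytes)" writes past the 64-byte value
 * buffer. With the struct on the caller's stack the overwrite reaches saved
 * registers and the return address: the stack-based overflow class in the
 * TL;DR. Trailing CRLF is copied as-is. Never feed this untrusted input. */
int parse_header_unsafe(const char *line, struct header *out)
{
    const char *colon = strchr(line, ':');
    if (colon == NULL)
        return -1;
    size_t name_len = (size_t)(colon - line);
    memcpy(out->name, line, name_len);      /* no bound on name_len  */
    out->name[name_len] = '\0';
    const char *v = colon + 1;
    while (*v == ' ' || *v == '\t')
        v++;
    strcpy(out->value, v);                  /* no bound on the value */
    return 0;
}

/* HARDENED version: lengths are checked against the destination capacity
 * before any byte is written, over-long input is rejected rather than
 * silently truncated, and trailing CR/LF is stripped. */
int parse_header_safe(const char *line, size_t line_len, struct header *out)
{
    const char *colon = memchr(line, ':', line_len);
    if (colon == NULL || colon == line)
        return -1;                          /* malformed line */
    size_t name_len = (size_t)(colon - line);
    if (name_len >= NAME_BUF)
        return -1;                          /* name too long */

    const char *v = colon + 1;
    const char *end = line + line_len;
    while (v < end && (*v == ' ' || *v == '\t'))
        v++;
    size_t value_len = (size_t)(end - v);
    while (value_len > 0 && (v[value_len - 1] == '\r' || v[value_len - 1] == '\n'))
        value_len--;
    if (value_len >= VALUE_BUF)
        return -1;                          /* value too long: refuse */

    memcpy(out->name, line, name_len);
    out->name[name_len] = '\0';
    memcpy(out->value, v, value_len);
    out->value[value_len] = '\0';
    return 0;
}

/* Wrappers so the parser can be exercised without managing the struct at
 * the call site (example scaffolding, not part of any product API). */
static struct header last;

int safe_parse(const char *line)
{
    return parse_header_safe(line, strlen(line), &last);
}
const char *last_name(void)  { return last.name; }
const char *last_value(void) { return last.value; }

/* Builds "X-Test: " + n bytes of 'A' + CRLF (constructed input) and runs
 * the hardened parser on it: 0 if accepted, -1 if rejected. */
int safe_parse_with_value_length(size_t n)
{
    const char prefix[] = "X-Test: ";
    size_t plen = sizeof prefix - 1;
    char *line = malloc(plen + n + 3);      /* CR, LF, NUL */
    if (line == NULL)
        return -1;
    memcpy(line, prefix, plen);
    memset(line + plen, 'A', n);
    memcpy(line + plen + n, "\r\n", 3);
    int rc = parse_header_safe(line, strlen(line), &last);
    free(line);
    return rc;
}
```

The check that matters is the one the unsafe variant lacks: compare the incoming length with the destination size before the copy, and treat "too long" as a protocol error rather than trimming it, so an attacker cannot smuggle a truncated but still malformed value into later processing.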
💻 Affected Systems
- MaLion Security Point
- MaLionCloud Security Point
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with SYSTEM privileges leading to data theft, ransomware deployment, lateral movement, and persistent backdoor installation across the network.
Likely Case
Remote code execution leading to malware installation, credential harvesting, and initial access for further network exploitation.
If Mitigated
Limited impact if network segmentation, strict firewall rules, and intrusion prevention systems block malicious HTTP traffic before reaching vulnerable endpoints.
🎯 Exploit Status
The vulnerability is triggered by specially crafted HTTP requests and requires no authentication. Given its critical severity and the fact that the attacker's code runs as SYSTEM, weaponization is highly likely. This page does not record a public exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Latest security update from vendor
Vendor Advisory: https://www.intercom.co.jp/information/2025/1125.html
Restart Required: Yes
Instructions:
1. Download the latest security update from Intercom's official website (see the vendor advisory above).
2. Apply the patch to all affected MaLion and MaLionCloud Security Point installations.
3. Restart the Security Point service or reboot systems as required.
🔧 Temporary Workarounds
Network Segmentation and Firewall Rules
(All platforms) Restrict network access to the Security Point HTTP interface to trusted management hosts only; the flaw is reachable by any host that can complete an HTTP request to it.
Disable Unnecessary HTTP Services
(Windows) If the HTTP functionality is not required, disable the HTTP processing component where the product allows it; the page does not document how, so confirm the procedure with the vendor advisory.
🧯 If You Can't Patch
- Implement strict network access controls to limit which systems can communicate with the Security Point HTTP interface
- Deploy intrusion prevention systems (IPS) or web application firewalls (WAF) to detect and block malicious HTTP header patterns
🔍 How to Verify
Check if Vulnerable:
Check the installed version of MaLion or MaLionCloud Security Point against the patched version in the vendor advisory
Check Version:
Check the application version through the MaLion/MaLionCloud management console or Windows Programs and Features
Verify Fix Applied:
Verify that the Security Point version matches the patched version named in the vendor advisory, and confirm the HTTP interface still answers normal management traffic after the update. Do not send crash-inducing payloads to production hosts; the service runs as SYSTEM and a failed test takes the endpoint protection down with it.
📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP requests with malformed headers
- Security Point service crashes or restarts
- Authentication logs are a weak signal here: the flaw is pre-authentication, so exploitation can succeed with no failed logins preceding it; prioritise the malformed-request and crash indicators above
Network Indicators:
- HTTP requests with unusually long or malformed headers to Security Point ports
- Traffic patterns indicating buffer overflow attempts
SIEM Query (template; the source name, field names, threshold and pattern are placeholders to be mapped onto your actual log schema):
source="malion_logs" AND (http_header_length>threshold OR http_request_contains("overflow_pattern"))
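The network indicators above (unusually long or malformed headers to the Security Point listener) are the kind of check an IPS or a log pipeline can apply before a request reaches the service. The C below is an added example of that check, not code from MaLion or from any IPS product: it walks the request line and headers of one raw HTTP request, records the longest line, and flags lines over an assumed length or containing raw non-printable bytes, which legitimate HTTP headers never carry. The 1024-byte threshold, the host name and the sample requests are constructed for the example and should be tuned to real traffic.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed starting threshold, not a value from the advisory: tune it to the
 * longest legitimate header line your Security Point traffic carries. */
#define MAX_HEADER_LINE 1024

struct scan_result {
    size_t max_line;    /* longest line seen, in bytes, excluding CR/LF */
    int over_length;    /* lines longer than MAX_HEADER_LINE */
    int binary;         /* lines with bytes outside printable ASCII (tab allowed) */
    int no_terminator;  /* no blank line ended the header block */
};

/* Walk the request line and header lines of one HTTP request. Stops at the
 * blank line that ends the header block; the body is not inspected. */
struct scan_result scan_request(const unsigned char *buf, size_t len)
{
    struct scan_result r = { 0, 0, 0, 1 };
    size_t pos = 0;
    while (pos < len) {
        const unsigned char *nl = memchr(buf + pos, '\n', len - pos);
        size_t line_len = nl ? (size_t)(nl - (buf + pos)) : len - pos;
        size_t body = line_len;
        if (body > 0 && buf[pos + body - 1] == '\r')
            body--;
        if (body == 0 && nl != NULL) {      /* blank line: end of headers */
            r.no_terminator = 0;
            break;
        }
        if (body > r.max_line)
            r.max_line = body;
        if (body > MAX_HEADER_LINE)
            r.over_length++;
        for (size_t i = 0; i < body; i++) {
            unsigned char c = buf[pos + i];
            if (c != '\t' && (c < 0x20 || c > 0x7e)) {
                r.binary++;
                break;
            }
        }
        if (nl == NULL)
            break;
        pos += line_len + 1;
    }
    return r;
}

/* Verdict a sensor or log pipeline would act on: 1 = suspicious, 0 = clean. */
int request_is_suspicious(const unsigned char *buf, size_t len)
{
    struct scan_result r = scan_request(buf, len);
    return (r.over_length > 0 || r.binary > 0) ? 1 : 0;
}

/* Constructed sample traffic, not a real capture; host and path are
 * placeholders. */
static const char benign_request[] =
    "GET /status HTTP/1.1\r\n"
    "Host: securitypoint.example.invalid\r\n"
    "User-Agent: check/1.0\r\n"
    "\r\n";

int benign_is_suspicious(void)
{
    return request_is_suspicious((const unsigned char *)benign_request,
                                 sizeof benign_request - 1);
}

size_t benign_longest_line(void)
{
    return scan_request((const unsigned char *)benign_request,
                        sizeof benign_request - 1).max_line;
}

/* Builds a request whose X-Padding header value is n copies of `fill` and
 * returns the verdict, so the check can be exercised with an over-long
 * value or with raw non-printable bytes without a large literal. */
int padded_request_is_suspicious(size_t n, unsigned char fill)
{
    const char head[] = "GET / HTTP/1.1\r\nHost: h\r\nX-Padding: ";
    const char tail[] = "\r\n\r\n";
    size_t head_len = sizeof head - 1, tail_len = sizeof tail - 1;
    unsigned char *buf = malloc(head_len + n + tail_len);
    if (buf == NULL)
        return -1;
    memcpy(buf, head, head_len);
    memset(buf + head_len, fill, n);
    memcpy(buf + head_len + n, tail, tail_len);
    int verdict = request_is_suspicious(buf, head_len + n + tail_len);
    free(buf);
    return verdict;
}
```

A sensor built on this logic should log the offending line length and source address alongside the verdict, and should also alert on `no_terminator` when a connection closes mid-headers, since a service crash (the second log indicator above) often shows up first as a request that never completed.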