CVE-2025-64693
📋 TL;DR
A heap-based buffer overflow vulnerability in MaLion and MaLionCloud's Windows Security Point component allows remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges by sending specially crafted requests. This affects all systems running vulnerable versions of these products. The high CVSS score reflects the ease of exploitation and severe impact.
💻 Affected Systems
- MaLion
- MaLionCloud
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with SYSTEM privileges leading to data theft, ransomware deployment, or persistent backdoor installation across the network.
Likely Case
Remote code execution allowing attackers to install malware, exfiltrate sensitive data, or pivot to other systems in the network.
If Mitigated
Limited impact if network segmentation prevents external access and endpoint protection blocks exploit attempts.
🎯 Exploit Status
The vulnerability is triggered by sending a specially crafted request with a manipulated Content-Length header. No authentication is required, making exploitation straightforward for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Latest security update from vendor
Vendor Advisory: https://www.intercom.co.jp/information/2025/1125.html
Restart Required: Yes
Instructions:
1. Download the latest security update from the vendor's website.
2. Apply the patch to all affected systems.
3. Restart the Security Point service or reboot systems as required.
4. Verify the patch is applied successfully.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to MaLion/MaLionCloud Security Point to only trusted IP addresses
Use firewall rules to block external access to the service port
Disable Service if Not Critical
Temporarily disable the Security Point component if not essential for operations (Windows):
sc stop "MaLion Security Point"
sc config "MaLion Security Point" start= disabled
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to limit access to the vulnerable service
- Deploy endpoint detection and response (EDR) solutions to monitor for exploitation attempts and block suspicious activities
🔍 How to Verify
Check if Vulnerable:
Check the installed version of MaLion/MaLionCloud against the vendor's advisory. Systems running versions prior to the security update are vulnerable.
Check Version:
Check the application's about/version information in the GUI or examine installed programs in Control Panel
Verify Fix Applied:
Verify the patch version is installed and the service is running the updated binary. Check vendor documentation for specific version numbers.
📡 Detection & Monitoring
Log Indicators:
- Unusual network connections to the Security Point service
- Multiple failed requests with manipulated Content-Length headers
- Process creation anomalies from the MaLion service
Network Indicators:
- Unusual traffic patterns to the Security Point service port
- Requests with abnormally large or malformed Content-Length headers
SIEM Query:
source="MaLion" AND (event_type="buffer_overflow" OR content_length>1000000 OR process_name="cmd.exe" OR process_name="powershell.exe")
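To illustrate the log and network indicators above, here is an added detection script (not from this page or the vendor) that scans constructed HTTP request log lines for requests to the Security Point port carrying oversized or malformed Content-Length values and flags sources that repeatedly fail with such requests; the log format, the field names and port 8443 are assumptions.

```python
import re
from collections import Counter

# Constructed sample of HTTP request logs from a proxy or firewall in front of the
# Security Point service. The log format, field names and port 8443 are
# assumptions; the advisory does not specify them.
SAMPLE_LOG = """\
2025-11-25T10:00:01Z src=10.0.5.21 dst=10.0.1.10:8443 method=POST path=/ content_length=512 status=200
2025-11-25T10:00:02Z src=203.0.113.7 dst=10.0.1.10:8443 method=POST path=/ content_length=4294967295 status=400
2025-11-25T10:00:03Z src=203.0.113.7 dst=10.0.1.10:8443 method=POST path=/ content_length=-1 status=400
2025-11-25T10:00:04Z src=203.0.113.7 dst=10.0.1.10:8443 method=POST path=/ content_length=abc status=400
2025-11-25T10:00:05Z src=10.0.5.22 dst=10.0.1.10:8443 method=GET path=/status content_length=0 status=200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+):(?P<port>\d+) "
    r"method=\S+ path=\S+ content_length=(?P<cl>\S+) status=(?P<status>\d+)$"
)
MAX_SANE_CONTENT_LENGTH = 1_000_000  # same threshold as the SIEM query above

def content_length_anomaly(raw):
    """Return 'malformed', 'oversized' or None for a raw Content-Length value."""
    # RFC 9110 requires a non-negative decimal integer; anything else is malformed.
    if not raw.isdigit():
        return "malformed"
    if int(raw) > MAX_SANE_CONTENT_LENGTH:
        return "oversized"
    return None

def find_suspicious(log_text, service_port=8443, min_failures=2):
    """Flag requests to the service port whose Content-Length is anomalous.
    Returns (hits, sources with >= min_failures failed anomalous requests)."""
    hits = []
    failures = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m["port"]) != service_port:
            continue
        reason = content_length_anomaly(m["cl"])
        if reason is None:
            continue
        hits.append((m["src"], reason, m["cl"]))
        if m["status"][0] in "45":  # request was rejected: a failed attempt
            failures[m["src"]] += 1
    offenders = {src for src, n in failures.items() if n >= min_failures}
    return hits, offenders

if __name__ == "__main__":
    for src, reason, cl in find_suspicious(SAMPLE_LOG)[0]:
        print(f"{src}: {reason} Content-Length={cl}")
```

Tune the threshold and the failure count to the request sizes your deployment legitimately sends, otherwise large file uploads will show up as false positives.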