Overview
A critical security vulnerability, identified as CVE-2025-64693, has been discovered in the Security Point component of both MaLion and MaLionCloud for Windows. This vulnerability is a heap-based buffer overflow that occurs during the processing of the Content-Length header in HTTP requests. A remote, unauthenticated attacker can exploit this flaw to achieve arbitrary code execution with SYSTEM privileges on the affected system. This poses a significant risk to organizations using these products.
Technical Details
CVE-2025-64693 stems from insufficient validation of the Content-Length header value when processing incoming HTTP requests within the Security Point component. By sending a specially crafted request with an excessively large Content-Length, an attacker can trigger a heap-based buffer overflow. This overflow allows the attacker to overwrite critical memory regions, ultimately leading to the execution of arbitrary code. The fact that this can be done by an unauthenticated attacker makes this vulnerability especially dangerous.
Specifically, the vulnerable code does not allocate a buffer sized to the supplied Content-Length value, so data written according to that value spills past the allocated buffer and corrupts adjacent heap memory structures.
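The validation this advisory describes as missing, written out as an added C example (illustrative code, not MaLion's implementation, which is not available here): the Content-Length value is parsed strictly, bounded by a policy limit, and the same validated value both sizes the heap allocation and limits the copy. `MAX_BODY_LEN`, the `cl_status` codes and the function names are constructed for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Constructed policy bound: the largest request body this hypothetical service accepts. */
#define MAX_BODY_LEN ((size_t)1 << 20)

typedef enum { CL_OK = 0, CL_MALFORMED, CL_TOO_LARGE, CL_BODY_SHORT, CL_NOMEM } cl_status;

/* Validate a Content-Length value before it drives any allocation or copy. Rejects empty
 * values, leading whitespace or signs (strtoull alone would accept them), trailing
 * non-digits, integer overflow, and anything above the policy bound. */
cl_status parse_content_length(const char *value, size_t *out) {
    if (value == NULL || !isdigit((unsigned char)*value)) return CL_MALFORMED;
    errno = 0;
    char *end = NULL;
    unsigned long long n = strtoull(value, &end, 10);
    if (errno == ERANGE || *end != '\0') return CL_MALFORMED;
    if (n > MAX_BODY_LEN) return CL_TOO_LARGE;
    *out = (size_t)n;
    return CL_OK;
}

/* Status-only wrapper for checking a header value. */
int content_length_status(const char *value) {
    size_t unused;
    return (int)parse_content_length(value, &unused);
}

/* Copy the declared body into a fresh heap buffer. One validated value sizes the allocation
 * and bounds the copy, and the copy never exceeds the bytes actually received, so neither an
 * oversized header nor a short body can push the write past the buffer. */
cl_status read_body(const char *cl_value, const unsigned char *body, size_t available,
                    unsigned char **out, size_t *out_len) {
    size_t declared;
    cl_status st = parse_content_length(cl_value, &declared);
    if (st != CL_OK) return st;
    if (available < declared) return CL_BODY_SHORT;
    unsigned char *buf = malloc(declared + 1);   /* +1 for NUL; cannot overflow, declared <= MAX_BODY_LEN */
    if (buf == NULL) return CL_NOMEM;
    memcpy(buf, body, declared);
    buf[declared] = '\0';
    *out = buf;
    *out_len = declared;
    return CL_OK;
}
```

A header value that fails any of these checks should be rejected with an error response before any body bytes are read, which is also the point at which a request-logging or IDS rule can flag oversized or malformed Content-Length values.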
CVSS Analysis
Currently, the Common Vulnerability Scoring System (CVSS) score for CVE-2025-64693 is not available (N/A). However, given the potential for remote, unauthenticated code execution with SYSTEM privileges, it is highly likely that this vulnerability will receive a CVSS score of 9.0 or higher, classifying it as Critical. We will update this section as soon as the official CVSS score is released.
Possible Impact
The successful exploitation of CVE-2025-64693 can have severe consequences, including:
- Complete System Compromise: An attacker can gain full control of the affected Windows system, including access to sensitive data and the ability to install malware.
- Data Breach: Sensitive data stored on the compromised system can be exfiltrated by the attacker.
- Denial of Service: The vulnerability can be exploited to crash the affected system, leading to a denial of service.
- Lateral Movement: An attacker can use the compromised system as a stepping stone to attack other systems on the network.
Mitigation or Patch Steps
The primary mitigation strategy is to apply the patch released by Intercom. Follow these steps:
- Identify Affected Systems: Determine which systems are running vulnerable versions of MaLion or MaLionCloud with the Security Point component enabled.
- Apply the Patch: Download and install the latest security patch from Intercom’s website as soon as possible. Refer to the official advisory for detailed instructions.
- Monitor for Suspicious Activity: After patching, continuously monitor systems for any signs of suspicious activity that might indicate attempted exploitation.
- Review Network Security: Ensure that firewalls and intrusion detection systems are properly configured to detect and prevent malicious traffic targeting MaLion and MaLionCloud.
