
CVE-2025-59485: Incorrect default permissions in Intercom, Inc. Security Point (Windows) of MaLion

Severity: Low
Type: Vulnerability
Tags: cve, cve-2025-59485
Published: Tue Nov 25 2025 (11/25/2025, 07:20:38 UTC)
Source: CVE Database V5
Vendor/Project: Intercom, Inc.
Product: Security Point (Windows) of MaLion

Description

Incorrect default permissions issue exists in Security Point (Windows) of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product's Windows client is installed. If the file is a specially crafted DLL file, arbitrary code could be executed with SYSTEM privilege.

AI-Powered Analysis

Last updated: 11/25/2025, 07:44:10 UTC

Technical Analysis

CVE-2025-59485 is a security vulnerability identified in the Windows client of Security Point, a product of Intercom, Inc. integrated within the MaLion suite, affecting versions prior to 5.3.4. The root cause is incorrect default permissions on a specific folder used by the product, which allow any user who can log in to the system to place arbitrary files there. An attacker can exploit this by placing a specially crafted Dynamic Link Library (DLL) file in the folder. When the product loads this DLL, it executes the code contained within with SYSTEM-level privileges, effectively allowing privilege escalation from a low-privileged user to full system control. The vulnerability does not require user interaction and has low attack complexity, since the attacker only needs valid login credentials on the affected system. The CVSS v3.0 score is 3.3, reflecting the local attack vector and the requirement for low privileges, with no confidentiality or availability impact. No known exploits have been reported in the wild as of the publication date. The vulnerability is significant because SYSTEM privilege escalation can lead to complete compromise of the affected endpoint, enabling attackers to bypass security controls, install persistent malware, or move laterally within a network. The vendor has addressed this issue in version 5.3.4 by correcting the folder permissions to prevent unauthorized file placement.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to endpoints running the affected version of Security Point (Windows) of MaLion. Successful exploitation allows an authenticated local user to escalate privileges to SYSTEM, potentially leading to full system compromise. This can facilitate further attacks such as lateral movement, data exfiltration, or disruption of services. Organizations with sensitive or critical infrastructure relying on this product could face operational and reputational damage. Although the CVSS score is low, the impact on integrity is high due to privilege escalation. Confidentiality and availability impacts are not directly indicated but could result indirectly from a full system compromise. The threat is more relevant in environments where multiple users have login access to the same systems, such as shared workstations or terminal servers. The lack of known exploits reduces immediate risk but does not eliminate the need for proactive mitigation.

Mitigation Recommendations

1. Upgrade all affected instances of Security Point (Windows) of MaLion to version 5.3.4 or later, where the permission issue is fixed.
2. Until patching is complete, manually audit and restrict permissions on the specific folder to prevent unauthorized file placement.
3. Implement strict access controls to limit the number of users with login access to systems running the vulnerable software.
4. Monitor file system changes in the relevant folder for suspicious DLL files or unexpected modifications.
5. Employ endpoint detection and response (EDR) solutions to detect unusual process executions or privilege escalations.
6. Conduct user awareness training to reduce the risk of credential misuse.
7. Regularly review and update security policies related to local user privileges and software installation.
8. Consider application whitelisting to prevent unauthorized DLL loading.

These steps go beyond generic advice by focusing on the specific folder permissions and local user access context.
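
For mitigation steps 2 and 4 above, one way to audit a folder's ACL for write access held by non-privileged principals and to list the DLLs it contains, as an added PowerShell example that is not vendor code or part of the original advisory. The folder path is a placeholder because the advisory does not name the affected folder, and the list of trusted SIDs is an assumption to adjust per environment.

```powershell
# Added example (not vendor code): flag ACEs that let non-privileged principals write to a folder.
param(
    # PLACEHOLDER path: the advisory does not name the affected folder.
    [string]$Path = 'C:\PLACEHOLDER\affected-folder'
)

# SIDs expected to hold write access (assumption; adjust per environment).
$trustedSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-3-0',         # CREATOR OWNER (applies only to objects a principal could already create)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Bits that allow creating or replacing a file, or rewriting the ACL/owner:
# WriteData/CreateFiles, AppendData/CreateDirectories, ChangePermissions, TakeOwnership,
# plus GENERIC_WRITE and GENERIC_ALL, which can appear unmapped on inherit-only ACEs.
$writeBits = 0x2 -bor 0x4 -bor 0x40000 -bor 0x80000 -bor 0x40000000 -bor 0x10000000

# Read explicit and inherited rules with identities as SIDs (locale-independent).
$acl   = Get-Acl -LiteralPath $Path
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($ace in $rules) {
    if ($ace.AccessControlType -ne 'Allow') { continue }   # Deny ACEs grant nothing
    $sid = $ace.IdentityReference.Value
    if ($trustedSids -contains $sid) { continue }
    if (([int]$ace.FileSystemRights -band $writeBits) -ne 0) {
        [pscustomobject]@{
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited   # inherited ACEs must be fixed on the parent folder
        }
    }
}

if ($findings) {
    Write-Warning "Write-capable ACEs for non-privileged principals on $Path"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No write-capable ACEs for non-privileged principals on $Path"
}

# Monitoring aid: DLLs currently in the folder, with timestamps and signature status.
Get-ChildItem -LiteralPath $Path -Filter *.dll -File -ErrorAction SilentlyContinue |
    Select-Object Name, LastWriteTime,
        @{ n = 'Signature'; e = { (Get-AuthenticodeSignature -FilePath $_.FullName).Status } }
```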


Technical Details

Data Version: 5.2
Assigner Short Name: jpcert
Date Reserved: 2025-11-18T02:02:14.649Z
Cvss Version: 3.0
State: PUBLISHED

Threat ID: 69255ab1292ce6fc00b965a7

Added to database: 11/25/2025, 7:28:49 AM

Last enriched: 11/25/2025, 7:44:10 AM

Last updated: 11/25/2025, 9:13:01 AM
