
CVE-2025-62691: Stack-based buffer overflow in Intercom, Inc. Security Point (Windows) of MaLion

Critical
Published: Tue Nov 25 2025 (11/25/2025, 07:21:02 UTC)
Source: CVE Database V5
Vendor/Project: Intercom, Inc.
Product: Security Point (Windows) of MaLion

Description

Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege.

AI-Powered Analysis

Last updated: 12/02/2025, 14:43:36 UTC

Technical Analysis

CVE-2025-62691 is a stack-based buffer overflow vulnerability identified in the Security Point (Windows) component of MaLion, a product by Intercom, Inc. The flaw exists in the way the software processes HTTP headers, where a specially crafted HTTP request can overflow a stack buffer. This overflow enables an attacker to overwrite control data on the stack, leading to arbitrary code execution. The vulnerability is remotely exploitable without any authentication or user interaction, allowing an unauthenticated attacker to execute code with SYSTEM-level privileges, effectively gaining full control over the affected system. The vulnerability affects all versions prior to 7.1.1.9, and no patches or mitigations are explicitly listed in the provided data, though it is implied that upgrading to 7.1.1.9 or later would resolve the issue. The CVSS v3.0 score of 9.8 reflects the critical nature of the vulnerability, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality (C:H), integrity (I:H), and availability (A:H). Although no known exploits have been reported in the wild yet, the vulnerability's characteristics make it a prime candidate for exploitation by threat actors seeking to compromise enterprise environments. The vulnerability could be leveraged to deploy malware, ransomware, or conduct espionage by gaining persistent SYSTEM-level access.

Potential Impact

For European organizations, the impact of CVE-2025-62691 is severe. Exploitation could lead to complete system compromise, allowing attackers to steal sensitive data, disrupt operations, or deploy ransomware. Critical infrastructure, government agencies, and enterprises relying on MaLion Security Point for network security are at heightened risk. The SYSTEM-level code execution means attackers can bypass most security controls, disable defenses, and move laterally within networks. This could result in significant financial losses, reputational damage, and regulatory penalties under GDPR if personal data is compromised. The vulnerability's remote and unauthenticated nature increases the attack surface, making perimeter defenses insufficient without proper patching and network segmentation. Given the criticality, organizations may face targeted attacks aiming to exploit this flaw for espionage or sabotage, especially in sectors like finance, energy, and public administration.

Mitigation Recommendations

Organizations should immediately verify whether they run Intercom, Inc.'s Security Point (Windows) of MaLion and identify any installations at versions prior to 7.1.1.9. The primary mitigation is to upgrade to version 7.1.1.9 or later, where the vulnerability is patched. Where the upgrade cannot be applied immediately, implement network-level protections such as blocking or filtering suspicious HTTP headers at firewalls or intrusion prevention systems so that malformed requests do not reach vulnerable systems. Apply strict network segmentation to isolate Security Point servers from untrusted networks. Monitor network traffic for anomalous HTTP requests that could indicate exploitation attempts. Enable and review detailed logging on affected systems to detect early signs of compromise. Additionally, deploy application whitelisting and endpoint detection and response (EDR) solutions to detect and block execution of unauthorized code. Conduct regular vulnerability scanning and penetration testing that covers this vulnerability. Finally, prepare incident response plans tailored to potential exploitation of this flaw.
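One way to implement the "filter suspicious HTTP headers" and "monitor for anomalous HTTP requests" recommendations above, as an added example that is not part of the original advisory or of MaLion: a small Python screen that flags structurally abnormal request header blocks (oversized lines, excessive header counts, control bytes, malformed header names). The thresholds, header names and sample requests are constructed assumptions for illustration, not values derived from the vulnerability itself.

```python
"""Heuristic screen for malformed HTTP request header blocks (constructed example)."""
import re

# Thresholds are assumptions for illustration; tune them per environment.
MAX_LINE_LEN = 4096       # longest single header line tolerated
MAX_HEADER_COUNT = 64     # header lines per request
MAX_TOTAL_LEN = 16384     # size of the whole header block
NAME_RE = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # RFC 9110 token
REQ_LINE_RE = re.compile(rb"^[A-Z]+ \S+ HTTP/\d\.\d$")


def screen_request(raw: bytes) -> list[str]:
    """Return a list of findings; an empty list means the header block looks sane."""
    findings: list[str] = []
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        findings.append("no end of header block (truncated or malformed)")
    if len(head) > MAX_TOTAL_LEN:
        findings.append(f"header block is {len(head)} bytes (limit {MAX_TOTAL_LEN})")
    lines = head.split(b"\r\n")
    if len(lines) - 1 > MAX_HEADER_COUNT:
        findings.append(f"{len(lines) - 1} header lines (limit {MAX_HEADER_COUNT})")
    for i, line in enumerate(lines):
        if not line:
            continue
        if len(line) > MAX_LINE_LEN:
            findings.append(f"line {i} is {len(line)} bytes (limit {MAX_LINE_LEN})")
        # Any C0 control byte other than TAB, or DEL, has no place in a header line.
        if any((b < 0x20 and b != 0x09) or b == 0x7F for b in line):
            findings.append(f"line {i} contains control bytes")
        if i == 0:
            if not REQ_LINE_RE.match(line):
                findings.append("malformed request line")
            continue
        name, colon, _value = line.partition(b":")
        if not colon or not NAME_RE.match(name):
            findings.append(f"line {i} has malformed header name {name[:20]!r}")
    return findings


# Constructed sample requests (not captured traffic).
BENIGN = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
          b"User-Agent: curl/8.0\r\n\r\n")
OVERSIZED = b"GET / HTTP/1.1\r\nHost: example.test\r\nX-Long: " + b"A" * 8192 + b"\r\n\r\n"
CONTROL = b"GET / HTTP/1.1\r\nHost: a\x00b\r\n\r\n"
BAD_NAME = b"GET / HTTP/1.1\r\nBad Header: x\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("oversized", OVERSIZED),
                       ("control", CONTROL), ("bad-name", BAD_NAME)]:
        print(label, screen_request(req) or "ok")
```

The screen is a coarse pre-filter for an IPS rule or a log-review script; legitimate traffic with unusually large cookies or tokens may need the limits raised.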


Technical Details

Data Version: 5.2
Assigner Short Name: jpcert
Date Reserved: 2025-11-18T02:02:13.827Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 69255ab1292ce6fc00b965ab

Added to database: 11/25/2025, 7:28:49 AM

Last enriched: 12/2/2025, 2:43:36 PM

Last updated: 1/10/2026, 10:09:51 PM

