
CVE-2025-62691: Stack-based buffer overflow in Intercom, Inc. Security Point (Windows) of MaLion

Severity: Critical
Published: Tue Nov 25 2025 (11/25/2025, 07:21:02 UTC)
Source: CVE Database V5
Vendor/Project: Intercom, Inc.
Product: Security Point (Windows) of MaLion

Description

Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege.

AI-Powered Analysis

AI last updated: 11/25/2025, 07:43:56 UTC

Technical Analysis

CVE-2025-62691 is a stack-based buffer overflow vulnerability identified in the Security Point (Windows) component of MaLion, a product by Intercom, Inc. The vulnerability exists in the way HTTP headers are processed, where a specially crafted HTTP request can overflow a stack buffer. This overflow allows an unauthenticated remote attacker to execute arbitrary code with SYSTEM-level privileges, effectively granting full control over the affected system. The vulnerability affects all versions prior to 7.1.1.9. The flaw requires no authentication or user interaction and can be exploited remotely over the network, increasing its severity and ease of exploitation. The CVSS v3.0 score of 9.8 reflects the critical nature of this vulnerability, with high impact on confidentiality, integrity, and availability. Although no public exploits have been reported yet, the vulnerability's characteristics make it a prime target for attackers once exploit code becomes available. The vulnerability could be leveraged to compromise enterprise environments, steal sensitive data, disrupt services, or establish persistent footholds. The lack of patches at the time of disclosure necessitates urgent remediation. The vulnerability's presence in a security product that may be deployed in sensitive environments further exacerbates the risk, as compromise could undermine broader organizational security postures.

Potential Impact

For European organizations, the impact of CVE-2025-62691 is substantial. Exploitation leads to full SYSTEM-level code execution, enabling attackers to bypass security controls, access sensitive data, disrupt services, or deploy ransomware and other malware. Organizations in critical infrastructure sectors such as energy, finance, healthcare, and government are particularly vulnerable due to their reliance on robust security solutions like MaLion Security Point. A successful attack could result in data breaches, operational downtime, regulatory penalties under GDPR, and reputational damage. The remote, unauthenticated nature of the exploit increases the likelihood of widespread attacks, potentially affecting large numbers of endpoints. Given the product’s role in security, compromise could also facilitate lateral movement and further network penetration, amplifying the overall impact. The absence of known exploits currently provides a window for proactive defense, but the risk of rapid exploitation once public exploit code emerges remains high.

Mitigation Recommendations

1. Immediately upgrade all affected installations of Security Point (Windows) of MaLion to version 7.1.1.9 or later, where the vulnerability is patched.
2. Implement network-level protections such as Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) configured to detect and block malformed HTTP headers or suspicious HTTP requests targeting the affected service.
3. Conduct thorough vulnerability scanning and asset inventory to identify all instances of the vulnerable product within the network.
4. Apply strict network segmentation to isolate critical security infrastructure from general user networks and the internet.
5. Monitor logs and network traffic for anomalous HTTP header patterns or unexpected requests to the Security Point service.
6. Employ endpoint detection and response (EDR) solutions to detect and respond to suspicious process behaviors indicative of exploitation attempts.
7. Develop and test incident response plans specific to potential exploitation scenarios involving this vulnerability.
8. Educate IT and security teams about the vulnerability's characteristics and exploitation methods to enhance detection and response capabilities.
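The advisory only states that a header value overflows a stack buffer; the following is an added illustration of that bug class, not MaLion's code. It shows the unbounded-copy pattern next to a bounds-checked parser, plus a small request-level check for oversized header values in the spirit of mitigation 5. The buffer size, the `X-Pad` header and the sample request are constructed assumptions.

```c
/* Constructed illustration of the bug class in CVE-2025-62691: a stack buffer
 * overflow while parsing HTTP header values. Example code, not MaLion's own. */
#include <string.h>
#define VALUE_MAX 64   /* assumed size of the stack buffer holding a header value */
static char scratch[VALUE_MAX];
/* Constructed sample request: one normal header and one 80-byte header value. */
static const char SAMPLE_REQUEST[] = "GET / HTTP/1.1\r\nHost: example.test\r\n"
    "X-Pad: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n\r\n";

/* Vulnerable pattern: unbounded copy into a fixed stack buffer; a value longer
 * than VALUE_MAX-1 bytes overwrites the stack. For contrast only, never called. */
int parse_header_unsafe(const char *line)
{
    char value[VALUE_MAX];
    const char *colon = strchr(line, ':');
    if (colon == NULL) return -1;
    strcpy(value, colon + 1);                      /* the defect: no length check */
    return value[0];                               /* "use" the copy */
}

/* Hardened form: check the length against the destination before copying and
 * reject oversized headers. Returns 0 on success, -1 on malformed/oversized. */
int parse_header_safe(const char *line, char *out, size_t out_len)
{
    const char *colon = strchr(line, ':');
    if (colon == NULL || out_len == 0) return -1;
    const char *val = colon + 1;
    while (*val == ' ' || *val == '\t') val++;     /* skip optional whitespace */
    size_t n = strcspn(val, "\r\n");               /* value ends at end of line */
    if (n >= out_len) return -1;                   /* would not fit with the NUL */
    memcpy(out, val, n);
    out[n] = '\0';
    return 0;
}

/* Defender-side check (mitigation 5 above): count header lines of a raw request
 * whose value exceeds `limit` bytes, a crude signal for malformed headers. */
int count_oversized_headers(const char *request, size_t limit)
{
    int oversized = 0;
    const char *line = strchr(request, '\n');      /* skip the request line */
    if (line == NULL) return 0;
    for (line++; *line != '\0' && *line != '\r' && *line != '\n'; ) {
        size_t len = strcspn(line, "\n");
        const char *colon = memchr(line, ':', len);
        if (colon != NULL && strcspn(colon + 1, "\r\n") > limit) oversized++;
        line += len + (line[len] == '\n');         /* advance past this line */
    }
    return oversized;
}
```

The length threshold is a tuning knob: a real deployment should derive it from what the protected service legitimately accepts rather than from the constructed 64-byte figure used here.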


Technical Details

Data Version: 5.2
Assigner Short Name: jpcert
Date Reserved: 2025-11-18T02:02:13.827Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 69255ab1292ce6fc00b965ab

Added to database: 11/25/2025, 7:28:49 AM

Last enriched: 11/25/2025, 7:43:56 AM

Last updated: 11/25/2025, 9:18:17 AM
