CVE-2025-64693: Heap-based buffer overflow in Intercom, Inc. Security Point (Windows) of MaLion

Severity: Critical
Published: Tue Nov 25 2025 (11/25/2025, 07:21:10 UTC)
Source: CVE Database V5
Vendor/Project: Intercom, Inc.
Product: Security Point (Windows) of MaLion

Description

Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege.

AI-Powered Analysis

Last updated: 12/02/2025, 14:43:56 UTC

Technical Analysis

CVE-2025-64693 is a heap-based buffer overflow in the Windows version of Security Point, a component of MaLion (and MaLionCloud) by Intercom, Inc. The flaw is triggered while the service processes the Content-Length header of an incoming network request: a specially crafted request with a malformed Content-Length value causes Security Point to allocate or manage heap memory incorrectly, producing an overflow that can corrupt adjacent memory structures and allow remote execution of arbitrary code with SYSTEM privileges. No authentication or user interaction is required, so any unauthenticated attacker with network access to the affected service can attempt exploitation.

The CVSS 3.0 base score of 9.8 reflects this profile: network attack vector, low attack complexity, no privileges required, and no user interaction. The impact is full compromise of the affected host, letting an attacker take complete control, steal sensitive data, disrupt services, or move laterally within the network. No public exploits have been reported at the time of writing, but the vulnerability's characteristics make it a prime target once exploit code becomes available.

All versions prior to 7.1.1.9 are affected; users should upgrade to the patched version as soon as possible. The vulnerability was published on November 25, 2025, by JPCERT. Given its criticality and ease of exploitation, organizations running MaLion Security Point on Windows should prioritize remediation and put compensating controls in place immediately.

Potential Impact

For European organizations, the impact of CVE-2025-64693 is significant. The ability for an unauthenticated remote attacker to execute arbitrary code with SYSTEM privileges means complete takeover of affected systems is possible. This can lead to data breaches involving sensitive personal and corporate data, disruption of critical services, and potential lateral movement within networks to compromise additional assets. Organizations in sectors such as finance, healthcare, government, and critical infrastructure are particularly at risk due to the high value of their data and services. The vulnerability could also be leveraged to deploy ransomware or other malware, causing operational downtime and financial losses. Given the widespread use of Windows environments and the presence of MaLion Security Point in enterprise security stacks, the scope of affected systems could be broad. The lack of known exploits in the wild currently provides a window for proactive defense, but the critical severity demands urgent attention to prevent future exploitation. Failure to address this vulnerability could result in regulatory penalties under GDPR if personal data is compromised.

Mitigation Recommendations

1. Immediately upgrade all instances of Security Point (Windows) of MaLion to version 7.1.1.9 or later, where the vulnerability is patched.
2. Implement network-level filtering to restrict access to the Security Point service from untrusted networks, using firewalls or segmentation to limit exposure.
3. Deploy intrusion detection and prevention systems (IDS/IPS) with signatures or heuristics capable of detecting anomalous Content-Length header manipulations.
4. Conduct thorough logging and monitoring of network traffic to identify suspicious requests targeting the Content-Length header.
5. Apply strict input validation and sanitization on all incoming requests where possible, to prevent malformed headers from reaching vulnerable code paths.
6. Perform regular vulnerability scanning and penetration testing focused on this vulnerability to ensure remediation effectiveness.
7. Develop and test incident response plans specifically addressing potential exploitation scenarios involving this vulnerability.
8. Educate IT and security teams about the nature of this vulnerability and the importance of timely patching and monitoring.
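Recommendations 3 to 5 above come down to refusing any Content-Length value a conforming client would never send before it reaches the vulnerable parser. The following is an added example, not code from Intercom or the MaLion product; it assumes a reverse proxy or IDS hook that sees the raw request header block in front of Security Point, and `MAX_BODY` is an assumed site policy.

```python
# Added example, not Intercom/MaLion code: strict Content-Length checks for a
# reverse proxy or IDS hook in front of Security Point (assumed deployment).
import re

MAX_BODY = 10 * 1024 * 1024  # assumed site policy: 10 MiB per request

# RFC 9110 defines Content-Length as 1*DIGIT; anything else is malformed.
_DIGITS = re.compile(rb"^[0-9]+$")


def check_content_length(raw_headers: bytes, body_len: int) -> tuple[bool, str]:
    """Return (ok, reason). ok is False for anything a conforming client
    never sends: sign, hex or whitespace in the value, conflicting
    duplicates, more digits than a 64-bit counter, or a body mismatch."""
    values = []
    for line in raw_headers.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            values.append(value.strip())
    if not values:
        return (True, "ok") if body_len == 0 else (False, "body without Content-Length")
    if len(set(values)) > 1:
        return (False, "conflicting Content-Length headers")
    v = values[0]
    if not _DIGITS.match(v):
        return (False, f"non-numeric Content-Length {v!r}")
    if len(v) > 19:  # would overflow a 64-bit length before any allocation
        return (False, "Content-Length exceeds 64-bit range")
    n = int(v)
    if n > MAX_BODY:
        return (False, f"Content-Length {n} over policy cap {MAX_BODY}")
    if n != body_len:
        return (False, f"Content-Length {n} != body size {body_len}")
    return (True, "ok")


# Constructed sample requests (header block, body); none are real captures.
SAMPLES = {
    "benign": (b"POST /x HTTP/1.1\r\nHost: h\r\nContent-Length: 5\r\n", b"hello"),
    "negative": (b"POST /x HTTP/1.1\r\nContent-Length: -1\r\n", b""),
    "huge": (b"POST /x HTTP/1.1\r\nContent-Length: 99999999999999999999\r\n", b""),
    "dup": (b"POST /x HTTP/1.1\r\nContent-Length: 5\r\nContent-Length: 500\r\n", b"hello"),
    "short": (b"POST /x HTTP/1.1\r\nContent-Length: 500\r\n", b"hello"),
}


def audit(samples=SAMPLES) -> dict[str, bool]:
    """Map each sample name to whether its Content-Length passed the checks."""
    return {k: check_content_length(h, len(b))[0] for k, (h, b) in samples.items()}
```

Rejected requests are worth logging with the returned reason, since a burst of them against the Security Point port is exactly the signal recommendation 4 asks you to watch for.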


Technical Details

Data Version: 5.2
Assigner Short Name: jpcert
Date Reserved: 2025-11-18T02:02:16.257Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 69255ab1292ce6fc00b965af

Added to database: 11/25/2025, 7:28:49 AM

Last enriched: 12/2/2025, 2:43:56 PM

Last updated: 1/10/2026, 10:10:37 PM

Views: 125
