
CVE-2025-64693: Heap-based buffer overflow in Intercom, Inc. Security Point (Windows) of MaLion

Critical
Published: Tue Nov 25 2025 (11/25/2025, 07:21:10 UTC)
Source: CVE Database V5
Vendor/Project: Intercom, Inc.
Product: Security Point (Windows) of MaLion

Description

Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege.

AI-Powered Analysis

Last updated: 11/25/2025, 07:43:37 UTC

Technical Analysis

CVE-2025-64693 is a heap-based buffer overflow vulnerability identified in the Security Point (Windows) component of MaLion, a product by Intercom, Inc. The flaw exists in the way the software processes the Content-Length HTTP header. Specifically, when receiving a specially crafted request with manipulated Content-Length values, the software fails to properly validate or handle the input size, leading to a heap overflow condition. This memory corruption can be exploited by a remote attacker without authentication or user interaction to execute arbitrary code with SYSTEM-level privileges, effectively granting full control over the affected system. The vulnerability affects all versions prior to 7.1.1.9, and no patches were available at the time of disclosure, though the vendor is expected to release updates promptly. The CVSS v3.0 score of 9.8 indicates a critical severity, with attack vector as network, low attack complexity, no privileges required, and no user interaction needed. The vulnerability impacts confidentiality, integrity, and availability, as an attacker can fully compromise the system. No known exploits have been reported in the wild yet, but the ease of exploitation and high privileges gained make this a significant threat. The vulnerability is particularly concerning for environments where MaLion is deployed as a security management tool, as compromise could lead to broader network infiltration and control.

Potential Impact

For European organizations, the impact of CVE-2025-64693 could be severe. Given that the vulnerability allows remote, unauthenticated attackers to execute code with SYSTEM privileges, affected systems could be fully compromised, leading to data breaches, disruption of security services, and potential lateral movement within networks. Organizations in critical infrastructure, finance, healthcare, and government sectors using MaLion Security Point (Windows) are at heightened risk. The ability to gain SYSTEM-level access remotely could enable attackers to disable security controls, exfiltrate sensitive data, deploy ransomware, or establish persistent footholds. The lack of required authentication and user interaction increases the likelihood of exploitation. Additionally, the vulnerability could undermine trust in security management platforms, complicating incident response and recovery efforts. European entities must consider the potential for targeted attacks exploiting this vulnerability, especially given geopolitical tensions that may motivate adversaries to focus on strategic assets protected by MaLion.

Mitigation Recommendations

To mitigate CVE-2025-64693, European organizations should immediately upgrade affected MaLion Security Point (Windows) installations to version 7.1.1.9 or later once the patch is available. Until patches are deployed, network-level protections should be enforced, including blocking or filtering inbound traffic to the affected service ports from untrusted networks. Intrusion detection and prevention systems should be updated with signatures targeting exploitation attempts related to Content-Length header manipulation. Organizations should conduct thorough asset inventories to identify all instances of MaLion Security Point (Windows) and prioritize patching accordingly. Implementing network segmentation to isolate critical security management systems can reduce the blast radius of a potential compromise. Regular monitoring of logs and alerts for anomalous requests involving HTTP headers is advised. Additionally, applying application whitelisting and restricting administrative privileges can help limit the impact if exploitation occurs. Finally, organizations should prepare incident response plans specific to this vulnerability to enable rapid containment and remediation.
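The mitigation section above recommends monitoring for anomalous requests involving the Content-Length header. The following is an added example written for this page; it is not code from Intercom, Inc., MaLion, or the advisory, and it says nothing about how the affected product parses the header. It applies the strict syntax rule for Content-Length (a run of decimal digits, one consistent value per request) plus a configurable size limit (the 10 MiB limit and the sample requests are constructed assumptions) to raw HTTP request captures, returning a verdict that a proxy, IDS rule, or log-review script could act on before the request reaches a service that cannot yet be patched.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Policy limit for a declared body size. Constructed assumption; tune per deployment.
MAX_BODY_BYTES = 10 * 1024 * 1024

# RFC 9110 grammar for Content-Length is 1*DIGIT: no sign, no whitespace, no suffixes.
DIGITS = re.compile(rb"^[0-9]+$")


@dataclass
class Verdict:
    ok: bool
    reason: str
    length: Optional[int] = None


def parse_headers(raw: bytes) -> list[tuple[bytes, bytes]]:
    """Split the header block of a raw HTTP/1.x request into (name, value) pairs.

    Names are lower-cased so that case variants of Content-Length are compared
    together; lines without a colon are ignored as malformed.
    """
    head, _, _ = raw.partition(b"\r\n\r\n")
    headers = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if not sep:
            continue
        headers.append((name.strip().lower(), value.strip()))
    return headers


def check_content_length(raw: bytes, max_body: int = MAX_BODY_BYTES) -> Verdict:
    """Return a Verdict describing whether the Content-Length header is acceptable."""
    values = [v for n, v in parse_headers(raw) if n == b"content-length"]
    if not values:
        return Verdict(True, "no content-length header")
    # Several Content-Length headers with differing values are a classic
    # smuggling/desync pattern and must be rejected outright.
    if len(set(values)) > 1:
        return Verdict(False, "conflicting content-length values")
    value = values[0]
    # Rejects negatives, '+', hex, whitespace-padded and empty values, so the
    # backend never sees a length it might convert with undefined results.
    if not DIGITS.match(value):
        return Verdict(False, "non-numeric content-length")
    declared = int(value)
    # Python ints do not overflow, so 32-bit or 64-bit wraparound values such as
    # 4294967295 are simply compared against the policy limit and rejected.
    if declared > max_body:
        return Verdict(False, "content-length exceeds policy limit", declared)
    return Verdict(True, "ok", declared)


def scan_requests(requests: list[bytes], max_body: int = MAX_BODY_BYTES) -> list[tuple[int, str]]:
    """Run the check over a batch of captured requests; return (index, reason) for rejects."""
    flagged = []
    for i, raw in enumerate(requests):
        verdict = check_content_length(raw, max_body)
        if not verdict.ok:
            flagged.append((i, verdict.reason))
    return flagged


# Constructed sample captures, not traffic observed against any real system.
SAMPLE_REQUESTS = [
    b"POST /api HTTP/1.1\r\nHost: example.invalid\r\nContent-Length: 5\r\n\r\nhello",
    b"POST /api HTTP/1.1\r\nHost: example.invalid\r\nContent-Length: 4294967295\r\n\r\n",
    b"POST /api HTTP/1.1\r\nHost: example.invalid\r\nContent-Length: -1\r\n\r\n",
    b"POST /api HTTP/1.1\r\nHost: example.invalid\r\nContent-Length: 5\r\nContent-Length: 500\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n",
]

if __name__ == "__main__":
    for index, reason in scan_requests(SAMPLE_REQUESTS):
        print(f"request {index}: rejected ({reason})")
```

Running the script rejects samples 1 through 3 (oversized, negative, and conflicting lengths) and passes the well-formed request and the request without a body. The limit is deliberately a policy value rather than a guess at any internal buffer size: the point of the check is to keep unvalidated lengths away from the vulnerable service until version 7.1.1.9 or later is installed, not to model its internals.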


Technical Details

Data Version
5.2
Assigner Short Name
jpcert
Date Reserved
2025-11-18T02:02:16.257Z
Cvss Version
3.0
State
PUBLISHED

Threat ID: 69255ab1292ce6fc00b965af

Added to database: 11/25/2025, 7:28:49 AM

Last enriched: 11/25/2025, 7:43:37 AM

Last updated: 11/25/2025, 9:12:34 AM
