CVE-2025-59485

LOW

MaLion <5.3.4 - Privilege Escalation

Title source: llm

Description

Incorrect default permissions issue exists in Security Point (Windows) of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product's Windows client is installed. If the file is a specially crafted DLL file, arbitrary code could be executed with SYSTEM privilege.

References (2)

[Various Sources] https://www.intercom.co.jp/information/2025/1125.html

[Third Party Advisory] https://jvn.jp/en/jp/JVN76298784/

Scores

CVSS v3 3.3

EPSS 0.0001

EPSS Percentile 1.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-276

Status published

Products (1)

Intercom, Inc./Security Point (Windows) of MaLion prior to Ver.5.3.4

Published Nov 25, 2025

Tracked Since Feb 18, 2026