A critical remote code execution vulnerability, identified as CVE-2025-64693, has been discovered in multiple Security Point products. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted network request, allowing them to take complete control of the affected Windows system with the highest privileges. Due to the high severity (CVSS 9.8) and low complexity of the attack, immediate remediation is required to prevent system compromise.

The vulnerability is a heap-based buffer overflow within the component of Security Point software that processes the Content-Length HTTP header. A remote, unauthenticated attacker can send a crafted request containing a malicious Content-Length value. This causes the application to allocate an incorrect amount of memory, leading to a buffer overflow on the heap, which can be leveraged to overwrite adjacent memory structures and achieve arbitrary code execution with SYSTEM-level privileges on the underlying Windows operating system.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation would grant an attacker complete control over the affected system. This could lead to severe business consequences, including the theft of sensitive corporate data, deployment of ransomware, disruption of critical business operations, and using the compromised system as a beachhead to launch further attacks against the internal network. The potential for full system compromise poses a significant risk to data confidentiality, integrity, and availability.

Immediate Action: The primary remediation is to apply the security updates provided by the vendor. Administrators should immediately update all instances of Security Point Multiple Products to the latest patched version. Following the update, review access and application logs for any signs of exploitation attempts that may have occurred prior to patching.

Proactive Monitoring: Implement enhanced monitoring on systems running the affected software. Security teams should look for network traffic containing unusual or malformed Content-Length headers directed at the Security Point service. Monitor for anomalous system behavior, such as unexpected processes being spawned by the Security Point service, and investigate any related alerts from Endpoint Detection and Response (EDR) or antivirus solutions.

Compensating Controls: If immediate patching is not feasible, consider implementing compensating controls to reduce the risk. Use a Web Application Firewall (WAF) or an Intrusion Prevention System (IPS) with rulesets designed to inspect and block requests with malicious Content-Length values. Additionally, restrict network access to the vulnerable service, allowing connections only from trusted IP addresses to limit the attack surface.

Public Exploit Available: false

This vulnerability represents a critical risk to the organization. Due to the CVSS score of 9.8 and the potential for a remote, unauthenticated attacker to gain SYSTEM-level access, immediate action is paramount. Although this CVE is not currently listed on the CISA KEV list, its characteristics make it a prime target for exploitation. We strongly recommend that all affected Security Point products are patched on an emergency basis to prevent a potential compromise.