Skip to main content

PlayStation 4 Firmware CVE-2025-64390

| EUVDEUVD-2025-210043 HIGH
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2026-06-02 hackerone GHSA-87pc-67c4-x49w
7.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 03, 2026 - 18:22 vuln.today
CVSS changed
Jun 03, 2026 - 18:22 NVD
7.4 (None) 7.4 (HIGH)
Patch available
Jun 02, 2026 - 21:02 EUVD
CVE Published
Jun 02, 2026 - 18:20 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file.

AnalysisAI

Sandbox escape in Sony PlayStation 4 firmware versions 13.00 through 13.02 allows attackers to break out of the BD-J (Blu-ray Disc Java) sandbox by supplying a malformed JAR file, leading to privilege escalation with full impact on confidentiality, integrity, and availability. The flaw, tracked via HackerOne report 3452696 and CWE-367 (TOCTOU race condition), is rated CVSS 7.4 because the local attack vector and high attack complexity offset the unauthenticated nature of the exploit. EPSS is 0.02% (5th percentile) and no public exploit identified at time of analysis.

Technical ContextAI

BD-J is the Java-based interactive content runtime defined in the Blu-ray Disc specification, used to render menus and applications shipped on Blu-ray media. Like other Java sandboxes, it confines untrusted disc-supplied bytecode behind a SecurityManager and restricted class loader. The root cause class is CWE-367 (Time-of-check Time-of-use race condition), which on the PS4 implies the malformed JAR triggers a window between the runtime validating an attribute of a resource and subsequently using it, letting attacker-controlled state slip past the sandbox check. The single affected CPE (cpe:2.3:a:sony:ps4:*) limits scope to the console's BD-J implementation rather than the broader Java BD-J ecosystem.

RemediationAI

Apply the vendor-released firmware update from Sony that supersedes 13.02 - patch availability is confirmed by the input data, though the exact post-13.02 fix version is not enumerated in the provided references, so administrators should consult the Sony PlayStation system software update notes and the HackerOne report at https://hackerone.com/reports/3452696 for the specific patched build. Because the attack vector is physical Blu-ray media, the most effective compensating control while patching is to refrain from inserting untrusted Blu-ray discs and to disable or eject media on shared/managed consoles; this trades the loss of legitimate Blu-ray playback for elimination of the BD-J attack surface. Network-level mitigations are not applicable given the AV:L vector.

Share

CVE-2025-64390 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy