Severity by source
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file.
AnalysisAI
Sandbox escape in Sony PlayStation 4 firmware versions 13.00 through 13.02 allows attackers to break out of the BD-J (Blu-ray Disc Java) sandbox by supplying a malformed JAR file, leading to privilege escalation with full impact on confidentiality, integrity, and availability. The flaw, tracked via HackerOne report 3452696 and CWE-367 (TOCTOU race condition), is rated CVSS 7.4 because the local attack vector and high attack complexity offset the unauthenticated nature of the exploit. EPSS is 0.02% (5th percentile) and no public exploit identified at time of analysis.
Technical ContextAI
BD-J is the Java-based interactive content runtime defined in the Blu-ray Disc specification, used to render menus and applications shipped on Blu-ray media. Like other Java sandboxes, it confines untrusted disc-supplied bytecode behind a SecurityManager and restricted class loader. The root cause class is CWE-367 (Time-of-check Time-of-use race condition), which on the PS4 implies the malformed JAR triggers a window between the runtime validating an attribute of a resource and subsequently using it, letting attacker-controlled state slip past the sandbox check. The single affected CPE (cpe:2.3:a:sony:ps4:*) limits scope to the console's BD-J implementation rather than the broader Java BD-J ecosystem.
RemediationAI
Apply the vendor-released firmware update from Sony that supersedes 13.02 - patch availability is confirmed by the input data, though the exact post-13.02 fix version is not enumerated in the provided references, so administrators should consult the Sony PlayStation system software update notes and the HackerOne report at https://hackerone.com/reports/3452696 for the specific patched build. Because the attack vector is physical Blu-ray media, the most effective compensating control while patching is to refrain from inserting untrusted Blu-ray discs and to disable or eject media on shared/managed consoles; this trades the loss of legitimate Blu-ray playback for elimination of the BD-J attack surface. Network-level mitigations are not applicable given the AV:L vector.
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210043
GHSA-87pc-67c4-x49w