CVE-2025-64390
CVE-2025-64390
In short
PlayStation 4 consoles running firmware versions 13.00 to 13.02 have a flaw where a specially crafted Blu-ray disc can break out of security restrictions and gain higher system privileges. This could allow someone to take control of the console or access protected data.
Technical detail
A privilege escalation vulnerability in PS4 BD-J sandbox (CWE-367: Time-of-check Time-of-use race condition) allows bypassing Blu-ray disc Java restrictions via malformed JAR files on affected firmware versions. Exploitation requires local access to play a crafted disc, resulting in elevated privileges and potential system compromise.
Summary generated and translated by AI from the official description.
A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Sony · PS4Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://hackerone.com/reports/3452696