CVE-2025-64390
Awaiting Analysis Awaiting Analysis - Queue

Privilege Escalation via BD-J Sandbox Escape in PlayStation 4 Firmware

Vulnerability report for CVE-2025-64390, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-02

Last updated on: 2026-06-03

Assigner: HackerOne

Description

A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-02
Last Modified
2026-06-03
Generated
2026-07-13
AI Q&A
2026-06-02
EPSS Evaluated
2026-07-11
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
sony playstation_4 From 13.00 (inc) to 13.02 (inc)
sony playstation_4_firmware From 13.00 (inc) to 13.02 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a privilege escalation issue found in PlayStation 4 firmware versions 13.00 through 13.02. It occurs because the BD-J (Blu-ray Disc Java) sandbox can be escaped by using a malformed JAR file.

Impact Analysis

Exploiting this vulnerability allows an attacker to escape the BD-J sandbox, potentially gaining elevated privileges on the affected PlayStation 4 system. This could lead to unauthorized actions or control over the device.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64390. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart