CVE-2025-64390
Awaiting Analysis Awaiting Analysis - Queue
Privilege Escalation via BD-J Sandbox Escape in PlayStation 4 Firmware

Publication date: 2026-06-02

Last updated on: 2026-06-03

Assigner: HackerOne

Description
A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-03
Generated
2026-06-23
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2025-64390
EUVD
EUVD-2025-210043
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
sony playstation_4 From 13.00 (inc) to 13.02 (inc)
sony playstation_4_firmware From 13.00 (inc) to 13.02 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a privilege escalation issue found in PlayStation 4 firmware versions 13.00 through 13.02. It occurs because the BD-J (Blu-ray Disc Java) sandbox can be escaped by using a malformed JAR file.

Impact Analysis

Exploiting this vulnerability allows an attacker to escape the BD-J sandbox, potentially gaining elevated privileges on the affected PlayStation 4 system. This could lead to unauthorized actions or control over the device.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64390. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart