CVE-2025-64390: PS4 BD-J: sandbox escape via malformed JAR file
Severity: HIGH
CVE-2025-64390 is a local privilege escalation in PlayStation 4 firmware versions 13.00–13.02 where a malformed JAR file breaks out of the BD-J (Blu-ray Disc Java) sandbox, enabling code execution at elevated privilege levels on the console hardware. Despite the ml_ops AI category label, this is almost certainly an automated misclassification — the BD-J Java runtime is a consumer electronics sandboxing layer for Blu-ray disc content, with no relation to any AI/ML framework, inference platform, training pipeline, or MLOps tooling. Exploitability is further constrained by AV:L and AC:H (local physical access plus high complexity required), no public exploit exists, it is not in CISA KEV, and no EPSS data is available. No action is required for AI/ML infrastructure; the primary recommendation is to audit your CVE AI-relevance classification pipeline to prevent similar false positives from consuming analyst bandwidth.
What is the risk?
Negligible risk to AI/ML environments. CVSS 7.4 (High) is offset by AV:L/AC:H, meaning exploitation requires physical or local access to a specific consumer gaming device running specific firmware versions. No KEV listing, no public exploit, no EPSS signal. The ml_ops AI category assignment is a false positive from automated classification tooling — PS4 firmware has no technical relationship to machine learning operations infrastructure. Enterprise AI/ML teams are not exposed.
What systems are affected?
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| PS4 | — | — | No patch |
Do you use PS4? You're affected.
What should I do?
4 steps:
- Update PS4 firmware to the latest available version beyond 13.02 if applicable to your environment.
- Restrict physical access to PS4 units in environments where they coexist with sensitive networked infrastructure.
- Prioritize auditing your automated CVE-to-AI-package classification pipeline — this CVE is a clear false positive in the ml_ops category; refine AI-relevance detection logic (e.g., keyword matching against known AI package names and descriptions) to reduce analyst noise.
- No patches, detection rules, or workarounds are required for any enterprise AI/ML infrastructure.
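The third step recommends tightening the AI-relevance check with keyword matching against known AI package names and descriptions. The following is an added example of such a check (not the page's or any vendor's pipeline): the keyword lists are constructed assumptions, the PS4 record reuses this page's advisory text, and the BentoML record is a constructed control case. Scoring a record down for consumer-product terms is what separates the PS4 advisory from genuine ML-serving packages.

```python
import re
from dataclasses import dataclass

# Constructed keyword lists: an assumption for this example, not the page's own pipeline.
AI_PACKAGE_NAMES = {"bentoml", "flowise", "n8n", "smolagents", "picklescan",
                    "torch", "tensorflow", "mlflow", "kubeflow", "langchain"}
AI_CONTEXT_TERMS = {"machine learning", "model inference", "model serving",
                    "training pipeline", "mlops", "llm"}
NON_AI_PRODUCT_TERMS = {"playstation", "ps4", "blu-ray", "bd-j", "firmware", "console"}


@dataclass
class CveRecord:
    cve_id: str
    package: str
    description: str
    assigned_category: str = ""  # AI category the pipeline under audit assigned; "" if none


def _has_term(term: str, text: str) -> bool:
    # Whole-token match so a short term like 'llm' cannot fire inside an unrelated word.
    return re.search(r"(?<![a-z0-9])" + re.escape(term) + r"(?![a-z0-9])", text) is not None


def assess_ai_relevance(rec: CveRecord) -> tuple[bool, int, list[str]]:
    """Score a record: known AI package +3, each AI context term +1, each non-AI product term -2.
    Returns (ai_relevant, score, reasons); relevance needs a score of at least 2."""
    text = f"{rec.package} {rec.description}".lower()
    pkg_known = rec.package.lower() in AI_PACKAGE_NAMES
    ai_hits = [t for t in sorted(AI_CONTEXT_TERMS) if _has_term(t, text)]
    non_ai_hits = [t for t in sorted(NON_AI_PRODUCT_TERMS) if _has_term(t, text)]
    score = 3 * pkg_known + len(ai_hits) - 2 * len(non_ai_hits)
    reasons = ([f"known AI package '{rec.package}'"] if pkg_known else []) \
        + [f"AI term '{t}'" for t in ai_hits] \
        + [f"non-AI product term '{t}'" for t in non_ai_hits]
    return score >= 2, score, reasons


def audit_categories(records: list[CveRecord]) -> list[str]:
    """Return IDs whose assigned AI category disagrees with the keyword verdict."""
    return [r.cve_id for r in records
            if (r.assigned_category != "") != assess_ai_relevance(r)[0]]


# Record built from this page's advisory text; its ml_ops label is the false positive under audit.
PS4_RECORD = CveRecord("CVE-2025-64390", "PS4", assigned_category="ml_ops", description=(
    "A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 "
    "through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed "
    "JAR file."))
# Constructed control record for a genuine model-serving package (description is illustrative).
BENTOML_RECORD = CveRecord("CVE-2024-2912", "BentoML", assigned_category="ml_ops", description=(
    "Remote code execution via insecure deserialization in a model serving endpoint."))
```

Running `audit_categories([PS4_RECORD, BENTOML_RECORD])` returns only the PS4 CVE, the record whose ml_ops label the keyword verdict contradicts.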
Frequently Asked Questions
Is CVE-2025-64390 actively exploited?
No confirmed active exploitation of CVE-2025-64390 has been reported, but organizations should still patch proactively.
What is the CVSS score for CVE-2025-64390?
CVE-2025-64390 has a CVSS v3.1 base score of 7.4 (HIGH).
What is the AI security impact?
MITRE ATLAS Techniques
- AML.T0097 Virtualization/Sandbox Evasion
- AML.T0105 Escape to Host
What are the technical details?
Original Advisory
A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file.
Exploitation Scenario
An attacker with physical access to a PlayStation 4 running firmware 13.00–13.02 crafts a malformed JAR file designed to exploit a parsing flaw in the BD-J Java runtime. The malicious JAR is delivered via a burned Blu-ray disc or an injected BD-J content channel. When the PS4 parses the JAR, the sandbox boundary is violated and the attacker achieves code execution outside the BD-J container with elevated privileges on the console hardware. In a hypothetical AI/ML context, this attack vector is not applicable — no AI training pipeline, model inference server, or MLOps platform executes within a BD-J runtime. Lateral movement from a compromised PS4 to adjacent networked AI infrastructure would require additional exploitation steps beyond this CVE.
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H