Description
A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file.
Published: 2026-06-02
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A privilege escalation vulnerability exists in the PlayStation 4 firmware, allowing exploitation of the BD-J sandbox through a malformed Java Archive file. By escaping the sandbox, an attacker can execute code with elevated privileges on the console, potentially enabling full control over the device.

Affected Systems

Sony PlayStation 4 consoles running firmware versions 13.00, 13.01, or 13.02 are affected. The vulnerability resides in the BD-J (Blu‑ray Disc Java) sandbox that is intended to isolate Java applications from the underlying system.

Risk and Exploitability

The CVSS score is 7.4, and the EPSS score is < 1%. The vulnerability is not listed in CISA’s KEV catalog, indicating no known active exploits as of now. Escaping the BD-J sandbox grants privilege escalation, a high‑severity flaw. Exploitation requires processing a malformed JAR file, and it is inferred that the attacker would need local or physical disc access to provide such a file. While no public exploit has been disclosed, the potential impact justifies immediate patching once an update is available.

Generated by OpenCVE AI on June 3, 2026 at 19:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest PS4 firmware update that addresses the BD-J sandbox escape vulnerability.
  • If an update is not yet available, avoid inserting or processing Blu‑ray discs that contain BD-J content or unknown JAR files on the affected console.
  • Disable BD-J Java support from the system settings if the option exists, or restrict access to the Blu‑ray drive to trusted media only.

Generated by OpenCVE AI on June 3, 2026 at 19:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://hackerone.com/reports/3452696 cve-icon cve-icon
History

Wed, 03 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Title BD-J Sandbox Escape Privilege Escalation in PlayStation 4 Firmware 13.00-13.02
Weaknesses CWE-269

Wed, 03 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Sony
Sony ps4
Vendors & Products Sony
Sony ps4

Wed, 03 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
Title BD-J Sandbox Escape Privilege Escalation in PlayStation 4 Firmware 13.00-13.02
Weaknesses CWE-269

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file.
References

Subscriptions

Sony Ps4
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-06-03T16:05:58.821Z

Reserved: 2025-10-31T15:00:01.446Z

Link: CVE-2025-64390

cve-icon Vulnrichment

Updated: 2026-06-03T16:05:38.803Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-02T20:16:31.517

Modified: 2026-06-04T15:35:18.623

Link: CVE-2025-64390

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T19:30:36Z

Weaknesses
  • CWE-367

    Time-of-check Time-of-use (TOCTOU) Race Condition