CVE-2025-70330
LowCVSS 3.3Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in handling proprietary .EGP gradebook files. Modifying specific fields at precise offsets triggers an out-of-bounds memory read, causing an application crash.
Risk Assessment
The risk is a local denial-of-service condition – opening a crafted .EGP file by a user results in an immediate application crash, potentially disrupting work and causing loss of unsaved data.
Recommendation
It is recommended to update to the latest version of Easy Grade Pro if available, or implement security policies to prevent opening .EGP files from untrusted sources.
Original NVD description (English source)
Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user.

