CVE Catalog

CVE-2025-70330

LowCVSS 3.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in handling proprietary .EGP gradebook files. Modifying specific fields at precise offsets triggers an out-of-bounds memory read, causing an application crash.

Risk Assessment

The risk is a local denial-of-service condition – opening a crafted .EGP file by a user results in an immediate application crash, potentially disrupting work and causing loss of unsaved data.

Recommendation

It is recommended to update to the latest version of Easy Grade Pro if available, or implement security policies to prevent opening .EGP files from untrusted sources.

Original NVD description (English source)

Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS