CVE-2025-70330 — LOW (3.3) — White Hats Nepal

Vulnerability Description

Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user.

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Related Weaknesses (CWE)

CWE-125

References

FAQ

What is CVE-2025-70330?

CVE-2025-70330 is a vulnerability with a CVSS score of 3.3 (LOW). Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an a...

How severe is CVE-2025-70330?

CVE-2025-70330 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-70330?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.