CVE-2025-70330
Out-of-Bounds Read in Easy Grade Pro Causes Local DoS
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| easy_grade_pro | easy_grade_pro | 4.1 |
| easy_grade_pro | easy_grade_pro | 4.1.0.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70330 is a vulnerability in Easy Grade Pro version 4.1.0.2 related to how the software parses its proprietary .EGP gradebook files.
The issue arises because the application reads specific offset values from the file to reconstruct internal data structures but does not properly verify that these offsets are within the valid bounds of the file buffer.
An attacker can craft a malformed but structurally valid .EGP file by modifying certain fields at precise offsets. This causes the parser to perform an out-of-bounds memory read during file parsing.
This out-of-bounds read leads to an access violation and causes the application to crash when the crafted file is opened, resulting in a local denial-of-service condition.
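The missing bounds check described above, shown as an added example; it is not Easy Grade Pro's code and not part of the original advisory. The real .EGP layout is not given on this page, so the 32-bit little-endian offset field, the 16-byte record size and the names `range_ok`, `read_u32le` and `load_record` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout (NOT the real .EGP format): a 32-bit little-endian
 * offset stored at field_pos points at a fixed-size record in the file. */
#define RECORD_LEN 16u

/* True only if [off, off + need) lies entirely inside a buffer of len bytes.
 * Written as a subtraction so that off + need can never wrap around. */
static int range_ok(size_t len, size_t off, size_t need)
{
    return off <= len && need <= len - off;
}

/* Read a little-endian u32 at pos; 0 on success, -1 if pos is out of range. */
static int read_u32le(const uint8_t *buf, size_t len, size_t pos, uint32_t *out)
{
    if (!range_ok(len, pos, 4))
        return -1;
    *out = (uint32_t)buf[pos] | ((uint32_t)buf[pos + 1] << 8) |
           ((uint32_t)buf[pos + 2] << 16) | ((uint32_t)buf[pos + 3] << 24);
    return 0;
}

/* Follow the offset stored at field_pos and copy the record it points to.
 * Returns -1 when the field or the record falls outside the file buffer,
 * so a malformed file is rejected instead of triggering an access violation. */
int load_record(const uint8_t *buf, size_t len, size_t field_pos,
                uint8_t record[RECORD_LEN])
{
    uint32_t off;
    if (read_u32le(buf, len, field_pos, &off) != 0)
        return -1;
    if (!range_ok(len, (size_t)off, RECORD_LEN))
        return -1;                  /* file-supplied offset is out of bounds */
    memcpy(record, buf + off, RECORD_LEN);
    return 0;
}

int main(void)
{
    uint8_t file[64] = {0}, rec[RECORD_LEN];  /* constructed sample input */
    file[8] = 32;                              /* offset inside the file */
    int ok = load_record(file, sizeof file, 8, rec);
    memset(file + 8, 0xFF, 4);                 /* offset far past the end */
    int bad = load_record(file, sizeof file, 8, rec);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```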
How can this vulnerability impact me?
The primary impact of this vulnerability is a local denial-of-service (DoS) condition.
When a user opens a specially crafted .EGP file, the application crashes due to an unhandled access violation caused by an out-of-bounds memory read.
This crash interrupts normal use of Easy Grade Pro, potentially causing loss of productivity or disruption in environments where the software is used for managing gradebooks.
There is no indication that this vulnerability allows for code execution, data corruption, or information disclosure.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is triggered by opening a specially crafted .EGP gradebook file in Easy Grade Pro 4.1.0.2. Detection involves identifying such malformed .EGP files that contain manipulated offset values causing out-of-bounds memory reads.
Since the vulnerability is local and file-based, network detection is not applicable. On the system, detection can be done by monitoring application crashes of Easy Grade Pro when opening .EGP files.
No specific commands are provided in the available resources. However, a practical approach is to use debugging or monitoring tools to detect crashes or access violations when Easy Grade Pro opens .EGP files.
Additionally, analyzing .EGP files for abnormal offset values at precise offsets (such as offset 548 where a 21-byte payload was inserted in the PoC) could help identify malicious files.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves avoiding opening untrusted or suspicious .EGP gradebook files in Easy Grade Pro 4.1.0.2, as the vulnerability is triggered by parsing crafted files.
Since the product is end-of-life and no vendor patches are available, users should consider discontinuing use of Easy Grade Pro 4.1.0.2 or isolating it in a controlled environment to prevent denial-of-service conditions.
Implementing file integrity checks or scanning .EGP files for anomalies before opening them can reduce risk.