CVE-2025-70330
Received Received - Intake
Out-of-Bounds Read in Easy Grade Pro Causes Local DoS

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: MITRE

Description
Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-70330
EUVD
EUVD-2025-208565
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
easy_grade_pro easy_grade_pro 4.1
easy_grade_pro easy_grade_pro 4.1.0.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-70330 is a vulnerability in Easy Grade Pro version 4.1.0.2 related to how the software parses its proprietary .EGP gradebook files.

The issue arises because the application reads specific offset values from the file to reconstruct internal data structures but does not properly verify that these offsets are within the valid bounds of the file buffer.

An attacker can craft a malformed but structurally valid .EGP file by modifying certain fields at precise offsets. This causes the parser to perform an out-of-bounds memory read during file parsing.

This out-of-bounds read leads to an access violation and causes the application to crash when the crafted file is opened, resulting in a local denial-of-service condition.

Impact Analysis

The primary impact of this vulnerability is a local denial-of-service (DoS) condition.

When a user opens a specially crafted .EGP file, the application crashes due to an unhandled access violation caused by an out-of-bounds memory read.

This crash interrupts normal use of Easy Grade Pro, potentially causing loss of productivity or disruption in environments where the software is used for managing gradebooks.

There is no indication that this vulnerability allows for code execution, data corruption, or information disclosure.

Compliance Impact

I don't know

Detection Guidance

This vulnerability is triggered by opening a specially crafted .EGP gradebook file in Easy Grade Pro 4.1.0.2. Detection involves identifying such malformed .EGP files that contain manipulated offset values causing out-of-bounds memory reads.

Since the vulnerability is local and file-based, network detection is not applicable. On the system, detection can be done by monitoring application crashes of Easy Grade Pro when opening .EGP files.

No specific commands are provided in the available resources. However, a practical approach is to use debugging or monitoring tools to detect crashes or access violations when Easy Grade Pro opens .EGP files.

Additionally, analyzing .EGP files for abnormal offset values at precise offsets (such as offset 548 where a 21-byte payload was inserted in the PoC) could help identify malicious files.

Mitigation Strategies

Immediate mitigation involves avoiding opening untrusted or suspicious .EGP gradebook files in Easy Grade Pro 4.1.0.2, as the vulnerability is triggered by parsing crafted files.

Since the product is end-of-life and no vendor patches are available, users should consider discontinuing use of Easy Grade Pro 4.1.0.2 or isolating it in a controlled environment to prevent denial-of-service conditions.

Implementing file integrity checks or scanning .EGP files for anomalies before opening them can reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-70330. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart