CVE-2025-70330
Deferred
Deferred - Pending Action
Out-of-Bounds Read in Easy Grade Pro Causes Local DoS
Vulnerability report for CVE-2025-70330, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-03-11
Last updated on: 2026-07-05
Assigner: MITRE
Description
Description
Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| easy_grade_pro | easy_grade_pro | 4.1 |
| easy_grade_pro | easy_grade_pro | 4.1.0.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |