CVE-2025-70330

LOW

Easy Grade Pro 4.1.0.2 - Denial of Service via Crafted .EGP File Parsing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-70330. PoCs published by TheMalwareGuardian.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2025-70330, an out-of-bounds read vulnerability in Easy Grade Pro 4.1. It includes a proof-of-concept (DoS.py) and explains the root cause, crash behavior, and exploitation process.

Description

Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user.

Exploits (1)

nomisec WRITEUP 2 stars
by TheMalwareGuardian · poc
https://github.com/TheMalwareGuardian/CVE-2025-70330


Classification: Writeup 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Easy Grade Pro 4.1
No auth needed
Prerequisites: malformed .EGP file
devstral-2 · analyzed May 04, 2026

References (3)

Core References
Various Sources: http://easy.com
Various Sources: http://orbis.com

Scores

CVSS v3 3.3
EPSS 0.0002
EPSS Percentile 4.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-125
Status published
Published Mar 11, 2026
Tracked Since Mar 11, 2026