Description
Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user.
Published: 2026-03-11
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Assess Impact
AI Analysis

Impact

Easy Grade Pro 4.1.0.2 contains a flaw in the parsing of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid file, an attacker can trigger an out-of-bounds read during parsing, resulting in an unhandled access violation and application crash. The weakness is classified as an out-of-bounds read (CWE-125) and causes a local denial-of-service condition for the user who opens the crafted file.

Affected Systems

The affected product is Easy Grade Pro version 4.1.0.2. No other vendors, products, or versions are listed as impacted.

Risk and Exploitability

The CVSS score is 3.3, indicating low overall severity. The EPSS score is reported as less than 1%, suggesting a low probability of exploitation. It is not listed in the CISA KEV catalog. The attack requires a local user to open a malicious .EGP file, so exploitation depends on user interaction (CVSS vector AV:L, UI:R). The flaw only leads to denial of service and does not provide a remote code execution or privilege escalation path.

Generated by OpenCVE AI on March 17, 2026 at 15:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether the vendor has released a patch or update for Easy Grade Pro 4.1.0.2
  • Apply the vendor’s update as soon as it is available
  • Disable automatic opening of unknown .EGP files or restrict the application to a limited user account
  • Scan all .EGP files with an up‑to‑date antivirus or sandbox solution before opening
  • Monitor application logs for unexpected crashes and report any incidents to the vendor

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Easy; Easy grade Pro
Vendors & Products | | Easy; Easy grade Pro

Wed, 11 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-125
Metrics | | cvssV3_1: {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Mar 2026 15:00:00 +0000

Type | Values Removed | Values Added
Description | | Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-11T15:01:13.165Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-70330

Vulnrichment

Updated: 2026-03-11T14:58:42.444Z

NVD

Status: Awaiting Analysis

Published: 2026-03-11T15:16:23.493

Modified: 2026-03-12T21:08:22.643

Link: CVE-2025-70330

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T14:33:42Z

Weaknesses