216.73.216.133

CVE-2025-65519

· Published 18/02/2026 16:22 · Modified 18/02/2026 17:51

Labels: CVE-2025-65519 2026-02-18CVE-2025-65519CWE-674[email protected]

Essential information

Published
18/02/2026 16:22
Modified
18/02/2026 17:51
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested malicious files. This results in CPU exhaustion, service degradation, or complete service unavailability.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mayswind / ezbookkeeping cpe:2.3:a:mayswind:ezbookkeeping:<1.2.0:*:*:*:*:*:*:*

References