CVE-2025-43708: VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when...

3.3 CVSS

Description

VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an "insecure deserialization" issue.

Classification

CVE ID: CVE-2025-43708

CVSS Base Severity: LOW

CVSS Base Score: 3.3

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Problem Types

CWE-674 Uncontrolled Recursion

Affected Products

Vendor: VisiCut

Product: VisiCut
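The `reference='../../../set/set[2]'` syntax in the description is XStream's relative-XPath back-reference mode, and VisiCut's XML project/settings files are assumed here to be loaded through XStream (an assumption made for this example; the page itself does not name the library). A reference that resolves to one of the referencing element's own ancestors makes a collection contain itself, which is the shape that sends `AbstractSet.hashCode` and `java.util.HashMap` into unbounded recursion until a `StackOverflowError`. The guard below is an added example, not VisiCut's code and not the public PoC: it walks the document with the JDK's StAX reader before XStream builds any objects, enforces a nesting limit for the plain CWE-674 case, and rejects any `reference` attribute whose resolved path is a prefix of the current element's path. The class name `XStreamReferenceGuard`, the limit `MAX_DEPTH`, and the two sample documents are all constructed for the example; the cyclic sample is built so that the innermost `set` points at its own parent, `/set/set/set[2]`.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.stream.*;

/** Added example: pre-parse guard for XStream relative-XPath documents (hypothetical, not VisiCut code). */
public final class XStreamReferenceGuard {

    static final int MAX_DEPTH = 64; // assumed limit; real VisiCut files are far shallower

    /** One step of an absolute path: element name plus 1-based index among same-named siblings. */
    private static final class Step {
        final String name; final int index;
        Step(String name, int index) { this.name = name; this.index = index; }
        boolean sameAs(Step o) { return name.equals(o.name) && index == o.index; }
    }

    /** Throws XMLStreamException if the document nests too deeply or contains an ancestor reference. */
    public static void check(String xml) throws XMLStreamException {
        XMLInputFactory f = XMLInputFactory.newFactory();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);                     // no DTD/entity tricks
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        XMLStreamReader r = f.createXMLStreamReader(new StringReader(xml));

        List<Step> path = new ArrayList<>();                           // open elements, root first
        Deque<Map<String, Integer>> siblingCounts = new ArrayDeque<>(); // per open parent: name -> count
        siblingCounts.push(new HashMap<>());                           // counter for the document level

        while (r.hasNext()) {
            int ev = r.next();
            if (ev == XMLStreamConstants.START_ELEMENT) {
                String name = r.getLocalName();
                int idx = siblingCounts.peek().merge(name, 1, Integer::sum);
                path.add(new Step(name, idx));
                siblingCounts.push(new HashMap<>());
                if (path.size() > MAX_DEPTH)
                    throw new XMLStreamException("nesting deeper than " + MAX_DEPTH + " at " + render(path));
                String ref = r.getAttributeValue(null, "reference");   // XStream's system attribute
                if (ref != null) {
                    List<Step> target = resolve(path, ref);
                    if (isAncestorOrSelf(target, path))
                        throw new XMLStreamException("reference '" + ref + "' at " + render(path)
                                + " resolves to ancestor " + render(target) + " (self-containing object)");
                }
            } else if (ev == XMLStreamConstants.END_ELEMENT) {
                path.remove(path.size() - 1);
                siblingCounts.pop();
            }
        }
    }

    /** Resolve a relative XPath (".." steps, then "name" or "name[n]" steps) against the current element. */
    static List<Step> resolve(List<Step> current, String ref) throws XMLStreamException {
        List<Step> out = ref.startsWith("/") ? new ArrayList<>() : new ArrayList<>(current);
        for (String seg : ref.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) {
                if (out.isEmpty()) throw new XMLStreamException("reference '" + ref + "' climbs above the root");
                out.remove(out.size() - 1);
                continue;
            }
            int br = seg.indexOf('[');
            String name = br < 0 ? seg : seg.substring(0, br);
            int idx = 1;
            if (br >= 0) {
                if (!seg.endsWith("]")) throw new XMLStreamException("malformed step '" + seg + "'");
                idx = Integer.parseInt(seg.substring(br + 1, seg.length() - 1));
            }
            out.add(new Step(name, idx));
        }
        return out;
    }

    /** True when candidate is the current element or one of its ancestors, i.e. a prefix of the open path. */
    static boolean isAncestorOrSelf(List<Step> candidate, List<Step> current) {
        if (candidate.size() > current.size()) return false;
        for (int i = 0; i < candidate.size(); i++)
            if (!candidate.get(i).sameAs(current.get(i))) return false;
        return true;
    }

    static String render(List<Step> p) {
        StringBuilder sb = new StringBuilder();
        for (Step s : p) sb.append('/').append(s.name).append('[').append(s.index).append(']');
        return sb.length() == 0 ? "/" : sb.toString();
    }

    // Constructed samples (not the public PoC). CYCLIC: the innermost set points at its own parent,
    // /set/set/set[2], only four levels deep, so a depth limit alone would not catch it.
    static final String CYCLIC =
        "<set><set><set/><set><set reference=\"../../../set/set[2]\"/></set></set></set>";
    // BENIGN: a back-reference to a sibling, which XStream emits for ordinary shared objects.
    static final String BENIGN =
        "<set><set><string>a</string></set><set reference=\"../set\"/></set>";

    public static void main(String[] args) throws Exception {
        check(BENIGN);                                   // accepted: sibling reference, no cycle
        try { check(CYCLIC); System.out.println("not rejected"); }
        catch (XMLStreamException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Call `check(xml)` on the file contents before handing them to `XStream.fromXML`; the guard is deliberately a reject-or-pass filter with no object construction, so a malicious document costs one linear pass. It complements, rather than replaces, XStream's own type allow-list (`XStream.allowTypes` / `allowTypesByWildcard`), which addresses gadget-style deserialization but not a self-referencing collection built from types that are already allowed.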

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (estimated probability of exploitation in the wild within the next 30 days)

EPSS Percentile: 1.27% (share of all scored CVEs with an EPSS score at or below this one)

EPSS Date: 2025-04-18 (date on which this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-43708
https://github.com/Gelcon/PoC-of-VisiCut2_1-Stack-Overflow-Vul
https://github.com/t-oster/VisiCut
https://visicut.org

Timeline