CVE-2025-65519: n/a
mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested malicious files. This results in CPU exhaustion, service degradation, or complete service unavailability.
AI Analysis
Technical Summary
CVE-2025-65519 affects mayswind ezbookkeeping versions 1.2.0 and earlier, where the application improperly handles JSON and XML file imports by failing to validate the nesting depth during parsing. This vulnerability is classified under CWE-674 (Improper Control of a Resource Through a Reference to a Memory Location) and allows an authenticated attacker to upload maliciously crafted files with deeply nested structures. When processed, these files cause excessive CPU consumption, leading to denial of service conditions such as service degradation or complete unavailability. The attack vector requires network access and valid user credentials (PR:L), but no user interaction beyond the upload is necessary. The CVSS v3.1 base score is 6.5, reflecting a medium severity due to the impact on availability only, with no confidentiality or integrity impact. No patches are currently linked, and no known exploits have been reported in the wild. The vulnerability highlights a resource exhaustion attack via recursive parsing, a common issue in XML/JSON processing when depth limits are not enforced. Organizations relying on this software for bookkeeping risk operational disruption if exploited, especially in environments with high transaction volumes or critical financial operations.
Potential Impact
For European organizations, the primary impact is denial of service, which can disrupt financial operations, delay bookkeeping processes, and potentially affect compliance reporting deadlines. Service unavailability can lead to operational downtime, loss of productivity, and increased support costs. While no data breach or integrity compromise is indicated, the inability to access bookkeeping services can have cascading effects on financial decision-making and audit readiness. Organizations in sectors with stringent financial regulations (e.g., banking, insurance, public sector) may face additional risks if service disruptions affect regulatory compliance. The requirement for authentication limits the attack surface to insiders or compromised accounts, but this does not eliminate risk, especially in environments with many users or weak credential management. The absence of known exploits suggests a window for proactive mitigation before widespread exploitation occurs.
Mitigation Recommendations
1. Implement strict validation on JSON and XML file imports to enforce maximum nesting depth limits, preventing resource exhaustion during parsing.
2. Restrict file upload permissions to only trusted users and monitor for unusual upload patterns or large/deeply nested files.
3. Employ application-layer resource monitoring to detect abnormal CPU usage spikes indicative of parsing attacks.
4. Enforce strong authentication controls, including multi-factor authentication, to reduce the risk of compromised accounts being used for exploitation.
5. Isolate bookkeeping services in segmented network zones to limit lateral movement if an attack occurs.
6. Regularly review and update software to the latest versions once patches become available from the vendor.
7. Conduct security awareness training for users with upload privileges to recognize and report suspicious activity.
8. Consider implementing Web Application Firewalls (WAFs) with custom rules to detect and block maliciously crafted JSON/XML payloads.
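As an added example of the depth limit in recommendation 1 (this is illustrative code written for this entry, not code from the page or from the ezbookkeeping project), the following Go pre-check walks an uploaded JSON or XML file with the standard library's streaming tokenizers and rejects it as soon as the nesting depth passes a bound, before any tree is built or the real importer runs. The function names, the 32-level limit and the sample inputs are assumptions constructed here; the only assumption about the application is that the upload handler can see the raw bytes before it unmarshals them.

```go
package main

import (
	"bytes"
	"encoding/json"
	"encoding/xml"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrTooDeep is returned when a document exceeds the allowed nesting depth.
var ErrTooDeep = errors.New("import rejected: nesting depth exceeds limit")

// MaxImportDepth is a hypothetical bound chosen for this example. Bookkeeping
// exports are only a few levels deep, so a small limit leaves ample headroom
// while making hostile payloads cheap to refuse.
const MaxImportDepth = 32

// JSONDepth streams the input token by token and tracks the nesting depth of
// objects and arrays, returning as soon as maxDepth is exceeded. Nothing is
// materialised, so a hostile file costs O(n) time and constant memory at most.
// It is a pre-check only: full syntax validation is left to the real decoder.
func JSONDepth(r io.Reader, maxDepth int) (int, error) {
	dec := json.NewDecoder(r)
	depth, maxSeen := 0, 0
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			break
		}
		if err != nil {
			return maxSeen, fmt.Errorf("malformed json: %w", err)
		}
		if d, ok := tok.(json.Delim); ok {
			switch d {
			case '{', '[':
				depth++
				if depth > maxSeen {
					maxSeen = depth
				}
				if depth > maxDepth {
					return maxSeen, ErrTooDeep
				}
			case '}', ']':
				depth--
			}
		}
	}
	return maxSeen, nil
}

// XMLDepth does the same for XML: each StartElement pushes, each EndElement pops.
func XMLDepth(r io.Reader, maxDepth int) (int, error) {
	dec := xml.NewDecoder(r)
	depth, maxSeen := 0, 0
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			break
		}
		if err != nil {
			return maxSeen, fmt.Errorf("malformed xml: %w", err)
		}
		switch tok.(type) {
		case xml.StartElement:
			depth++
			if depth > maxSeen {
				maxSeen = depth
			}
			if depth > maxDepth {
				return maxSeen, ErrTooDeep
			}
		case xml.EndElement:
			depth--
		}
	}
	return maxSeen, nil
}

// CheckImport is the gate an upload handler would call before handing the
// bytes to the importer; format is "json" or "xml".
func CheckImport(format string, data []byte) error {
	var err error
	switch format {
	case "json":
		_, err = JSONDepth(bytes.NewReader(data), MaxImportDepth)
	case "xml":
		_, err = XMLDepth(bytes.NewReader(data), MaxImportDepth)
	default:
		return fmt.Errorf("unsupported import format %q", format)
	}
	return err
}

func main() {
	// Constructed inputs: a realistic shallow export and a 100-level hostile one.
	benign := `{"transactions":[{"amount":1,"tags":["food"]}]}`
	hostile := strings.Repeat("[", 100) + strings.Repeat("]", 100)
	for _, in := range []string{benign, hostile} {
		fmt.Printf("%d bytes: err=%v\n", len(in), CheckImport("json", []byte(in)))
	}
}
```

Since Go 1.15, encoding/json caps nesting at 10000 levels internally, which guards against stack exhaustion but is far above what an import file legitimately needs; an explicit application-level bound applied to both formats, as above, is the control that actually limits the CPU an upload can consume. The same depth counter also gives recommendation 2 a concrete signal to log: a rejected upload with its observed depth is worth recording against the account that submitted it.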
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6996fb4b8fb9188dea8c0df3
Added to database: 2/19/2026, 12:00:11 PM
Last enriched: 2/19/2026, 12:10:53 PM
Last updated: 2/21/2026, 12:17:38 AM