CVE-2025-70330 is a file parsing logic vulnerability found in Easy Grade Pro version 4.1.0.2, specifically in the handling of its proprietary .EGP gradebook files. The flaw arises from inadequate bounds checking when parsing certain fields within the .EGP file format. An attacker with the ability to modify or supply a malicious .EGP file can alter specific fields at exact byte offsets to induce an out-of-bounds memory read during the parsing process. This memory access violation is unhandled by the application, causing it to crash immediately upon opening the crafted file. The vulnerability leads to a local denial-of-service condition, disrupting the normal operation of the Easy Grade Pro application. Exploitation requires that the victim user opens the malicious file, implying user interaction is necessary. There is no indication that this vulnerability allows for privilege escalation, remote code execution, or data leakage. No patches or updates have been linked yet, and no CVSS score has been assigned. The vulnerability was reserved in early 2026 and published shortly thereafter, with no known active exploitation reported to date.

The primary impact of CVE-2025-70330 is a local denial-of-service condition affecting users of Easy Grade Pro 4.1.0.2. When a maliciously crafted .EGP file is opened, the application crashes, potentially interrupting grading activities and causing loss of unsaved work. This can lead to operational disruption in educational institutions relying on this software for grade management. Although the vulnerability does not appear to compromise confidentiality or integrity, repeated crashes could degrade user trust and productivity. Since exploitation requires user interaction and local file access, the attack surface is limited to scenarios where an attacker can deliver or convince a user to open a malicious .EGP file. There is no evidence of remote exploitation or broader systemic impact. However, in environments where Easy Grade Pro is critical, such as schools or educational districts, this could cause significant inconvenience and workflow disruption.

To mitigate CVE-2025-70330, organizations should implement the following measures: 1) Restrict the opening of .EGP files to trusted sources only, employing strict file validation and scanning before use. 2) Educate users about the risks of opening gradebook files from unverified or unknown origins to reduce the likelihood of malicious file execution. 3) Employ application whitelisting and endpoint protection solutions that can detect anomalous application crashes or suspicious file manipulations. 4) Monitor for updates or patches from the Easy Grade Pro vendor and apply them promptly once available. 5) Consider isolating Easy Grade Pro usage to dedicated systems with limited network access to reduce exposure. 6) Maintain regular backups of gradebook data to minimize disruption in case of application crashes or data loss. 7) If possible, use file integrity monitoring to detect unauthorized modifications to .EGP files. These steps go beyond generic advice by focusing on controlling file provenance, user awareness, and operational continuity.