CVE-2025-65519

Medium CVSS: 6.5

mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested malicious files. This results in CPU exhaustion, service degradation, or complete service unavailability.

Vendor

Mayswind

Product

Ezbookkeeping

CWE

CWE-674

Yayın Tarihi

2026-02-18 16:22:28

Güncelleme

2026-02-20 20:08:11

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-674 Ezbookkeeping MEDIUM Mayswind 2026

Referanslar

https://github.com/ictrun/EBK-SA-2025-001