Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-43708

VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an "insecure deserialization" issue.

Published

2025-04-17T01:15:46.707

Last Modified

2025-09-24T00:51:03.900

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

Weaknesses

Type: Secondary
CWE-674

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	visicut	visicut	2.1	Yes

References

https://github.com/Gelcon/PoC-of-VisiCut2_1-Stack-Overflow-Vul Exploit, Third Party Advisory ([email protected])
https://github.com/t-oster/VisiCut Product ([email protected])
https://visicut.org Product ([email protected])