Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Mayswind Ezbookkeeping versions 1.2.0 and earlier can crash from deep file uploads
CVE-2025-65519
Summary
Versions 1.2.0 and earlier of Mayswind Ezbookkeeping are vulnerable to crashing if a maliciously crafted file is uploaded, which can cause the service to run slowly, stop working, or become completely unavailable. This is due to a flaw in how the software handles uploaded files. Users should update to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mayswind | ezbookkeeping | <= 1.2.0 | – |
Original title
mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations,...
Original description
mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested malicious files. This results in CPU exhaustion, service degradation, or complete service unavailability.
nvd CVSS3.1
6.5
Vulnerability type
CWE-674
- https://github.com/ictrun/EBK-SA-2025-001 Exploit Third Party Advisory
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026