CVE-2025-43708

Summary

VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an "insecure deserialization" issue.

Affected Software

VendorProductVersion RangeStatus
VisiCutVisiCut0 <= 2.1affected

Weaknesses

  • CWE-674: CWE-674 Uncontrolled Recursion

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References