VisiCut 2.1 XML Nested Sets StackOverflow (Insecure Deserialization)
CVE-2025-43708 Published on April 17, 2025
VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an "insecure deserialization" issue.
Weakness Type
What is a Stack Exhaustion Vulnerability?
The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
CVE-2025-43708 has been classified as a Stack Exhaustion vulnerability or weakness.
Affected Versions
VisiCut: versions up to and including 2.1 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.