{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T17:40:31.947","vulnerabilities":[{"cve":{"id":"CVE-2025-65519","sourceIdentifier":"cve@mitre.org","published":"2026-02-18T16:22:28.977","lastModified":"2026-02-20T20:08:11.543","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested malicious files. This results in CPU exhaustion, service degradation, or complete service unavailability."},{"lang":"es","value":"Las versiones 1.2.0 y anteriores de mayswind ezbookkeeping contienen una vulnerabilidad crítica en el procesamiento de importación de archivos JSON y XML. La aplicación no valida la profundidad de anidamiento durante las operaciones de análisis, lo que permite a atacantes autenticados desencadenar condiciones de denegación de servicio al cargar archivos maliciosos profundamente anidados. Esto resulta en agotamiento de la CPU, degradación del servicio o indisponibilidad completa del servicio."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-674"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mayswind:ezbookkeeping:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.0","matchCriteriaId":"F550DB07-1FC6-4C7C-932D-F58AEA8980BD"}]}]}],"references":[{"url":"https://github.com/ictrun/EBK-SA-2025-001","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]}]}}]}