CVE-2025-43708 Information

Description

VisiCut 2.1 allows stack consumption via an XML document with nested set elements as demonstrated by a java.util.HashMap StackOverflowError when reference=’../../../set/set[2]’ is used aka an \insecure deserialization\ issue.

Reference

https://github.com/Gelcon/PoC-of-VisiCut2_1-Stack-Overflow-Vul https://github.com/t-oster/VisiCut https://visicut.org