Summaryinfo

A vulnerability identified as problematic has been detected in VisiCut 2.1. Affected by this issue is the function loadPlfFile of the file VisicutModel.java of the component XML Handler. Performing a manipulation results in deserialization. This vulnerability is identified as CVE-2025-25940. There is not any exploit available. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Detailsinfo

A vulnerability, which was classified as problematic, was found in VisiCut 2.1. This affects the function loadPlfFile of the file VisicutModel.java of the component XML Handler. The manipulation with an unknown input leads to a deserialization vulnerability. CWE is classifying the issue as CWE-502. The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of VisicutModel.java.

This vulnerability is uniquely identified as CVE-2025-25940 since 02/07/2025. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 06/07/2025).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-7690). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Name

• VisiCut

Version

• 2.1

CPE 2.3info

• 🔒

CPE 2.2info

• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion