CVE-2025-10155

Critical CVSS: 9.3

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly considered safe is loaded, it can lead to the execution of malicious code.

Vendor

Mmaitre314

Product

Picklescan

CWE

CWE-20

Yayın Tarihi

2025-09-17 10:15:36

Güncelleme

2025-10-02 19:07:57

Source Identifier

reefs@jfrog.com

KEV Date Added

Kategoriler

CWE-20 Picklescan CRITICAL Mmaitre314 2025

Referanslar

https://github.com/mmaitre314/picklescan/blob/58983e1c20973ac42f2df7ff15d7c8cd32f9b688/src/picklescan/scanner.py#L463 https://github.com/mmaitre314/picklescan/security/advisories/GHSA-jgw4-cr84-mqxg

Benzer Kayıtlar

Critical

CVE-2025-10157

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remot…

Critical

CVE-2025-10156

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 pickles…

Medium

CVE-2025-46417

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltra…

Medium

CVE-2025-1945

picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag…

Medium

CVE-2025-1944

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to e…

Medium

CVE-2025-1889

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An atta…