← Retour aux CVEs
CVE-2025-1716
CRITICAL9.8
Description
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a restricted global, the model, when scanned with picklescan, would pass security checks and appear to be safe, when it could instead prove to be problematic.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie2/26/2025
Derniere modification12/29/2025
Sourcenvd
Observations honeypot0
Produits affectes
mmaitre314:picklescan
Faiblesses (CWE)
CWE-184
References
https://github.com/mmaitre314/picklescan/commit/78ce704227c51f070c0c5fb4b466d92c62a7aa3d(103e4ec9-0a87-450b-af77-479448ddef11)
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-655q-fx9r-782v(103e4ec9-0a87-450b-af77-479448ddef11)
https://www.sonatype.com/security-advisories/cve-2025-1716(103e4ec9-0a87-450b-af77-479448ddef11)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.