CVE-2025-1716
CRITICAL 9.8
Description
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a restricted global, the model, when scanned with picklescan, would pass security checks and appear to be safe, when it could instead prove to be problematic.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/26/2025
Last modified: 12/29/2025
Source: nvd
Honeypot sightings: 0
Affected products
mmaitre314:picklescan
Weaknesses (CWE)
CWE-184
References
https://github.com/mmaitre314/picklescan/commit/78ce704227c51f070c0c5fb4b466d92c62a7aa3d (103e4ec9-0a87-450b-af77-479448ddef11)
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-655q-fx9r-782v (103e4ec9-0a87-450b-af77-479448ddef11)
https://www.sonatype.com/security-advisories/cve-2025-1716 (103e4ec9-0a87-450b-af77-479448ddef11)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.