CVE-2025-10155
Published 2025-09-17
Priority P345 · Severity high · CVSS 3.1 base score 7.8
EPSS: 0.82% (52.5th percentile)
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly considered safe is loaded, it can lead to the execution of malicious code.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mmaitre314 | picklescan | < 0.0.31 | 0.0.31 |
| mmaitre314 | picklescan | <= 0.0.30 | — |
| mmaitre314 | picklescan | >= 0 < 0.0.31 | 0.0.31 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| NVD | 4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
OSV advisory (2025-09-10): CVE-2025-10155 [CRITICAL]
Picklescan Bypass is Possible via File Extension Mismatch
### Summary
Picklescan can be bypassed, allowing the detection of malicious pickle files to fail, when a standard pickle file is given a PyTorch-related file extension (e.g., .bin). This occurs because the scanner prioritizes PyTorch file extension checks and errors out when parsing a standard pickle file with such an extension instead of falling back to standard pickle analysis. This vulnerability allows attackers to disguise malicious pickle payloads within files that would otherwise be scanned for pickle-based threats.
### Details
The vulnerability stems from the logic in the scan_bytes function within picklescan/scanner.py, specifically around line 463: https://github.com/mmaitre314/picklescan/blob/75e60f2c02f3f1a029362e6f334e
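To make the failure mode concrete, here is a simplified extension-dispatching scanner written for this page (it is not picklescan's own code): the vulnerable dispatch swallows the checkpoint-parser error and returns no findings, while the fixed dispatch falls back to plain pickle analysis. The denylist, the extension set, the zip-based checkpoint layout and the constructed sample pickle are all assumptions; the sample only references a global and runs nothing when loaded.

```python
import io
import os
import pickle
import pickletools
import zipfile
from pathlib import Path

# Constructed sample: a pickle that only *references* os.makedirs (GLOBAL opcode, no
# REDUCE), so loading it yields the function object; a denylist scanner should flag it.
SAMPLE_PICKLE = pickle.dumps(os.makedirs, protocol=2)
DENIED_MODULES = {"os", "subprocess", "builtins"}    # hypothetical denylist
TORCH_EXTENSIONS = {".bin", ".pt", ".pth", ".ckpt"}  # routed to the checkpoint parser

def scan_pickle_bytes(data):
    """Collect every 'module.name' global a pickle stream references, without unpickling."""
    found, recent_strings = set(), []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                  # protocol <= 3: arg is "module name"
            found.add(arg.replace(" ", ".", 1))
        elif op.name == "STACK_GLOBAL":          # protocol 4+: two preceding string opcodes
            found.add(f"{recent_strings[-2]}.{recent_strings[-1]}")
        elif isinstance(arg, str):
            recent_strings.append(arg)
    return found

def scan_torch_zip(data):
    """Scan every .pkl inside a zip-based checkpoint; raises BadZipFile for non-zip data."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        pickles = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    return set().union(*map(scan_pickle_bytes, pickles))

def scan_file_vulnerable(filename, data):
    """Extension picks the parser; a parse error ends the scan with no findings (the bug)."""
    if Path(filename).suffix in TORCH_EXTENSIONS:
        try:
            return scan_torch_zip(data)
        except zipfile.BadZipFile:
            return set()          # error swallowed: the plain-pickle scan never runs
    return scan_pickle_bytes(data)

def scan_file_fixed(filename, data):
    """Same dispatch, but a failed checkpoint parse falls back to plain pickle scanning."""
    if Path(filename).suffix in TORCH_EXTENSIONS:
        try:
            return scan_torch_zip(data)
        except zipfile.BadZipFile:
            pass                  # not a real checkpoint: scan it as a plain pickle
    return scan_pickle_bytes(data)

def is_flagged(findings):
    return any(g.split(".", 1)[0] in DENIED_MODULES for g in findings)
```

Renaming the same bytes from model.pkl to model.bin changes the vulnerable scanner's verdict from flagged to clean; the fixed scanner reports the same global either way.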
GHSA advisory (2025-09-10): CVE-2025-10155 [CRITICAL], CWE-20
Picklescan Bypass is Possible via File Extension Mismatch (advisory text identical to the OSV entry above)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-09-17