How severe is CVE-2025-1716?

CVE-2025-1716 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-1716

Name: picklescan
Author: mmaitre314

9.8CRITICAL

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or G

Publicado: 2/26/2025Actualizado: 12/29/2025

Descripción

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a restricted global, the model, when scanned with picklescan, would pass security checks and appear to be safe, when it could instead prove to be problematic.

Análisis IAImpulsado por IA

Productos Afectados

mmaitre314picklescan

Referencias

https://github.com/mmaitre314/picklescan/commit/78ce704227c51f070c0c5fb4b466d92c62a7aa3d
Patch
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-655q-fx9r-782v
ExploitVendor Advisory
https://www.sonatype.com/security-advisories/cve-2025-1716