How severe is CVE-2025-1716?

CVE-2025-1716 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-1716

Name: picklescan
Author: mmaitre314

9.8CRITICAL

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or G

게시됨: 2/26/2025업데이트됨: 12/29/2025

설명

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a restricted global, the model, when scanned with picklescan, would pass security checks and appear to be safe, when it could instead prove to be problematic.

AI 분석AI 기반

영향받는 제품

mmaitre314picklescan

참조

https://github.com/mmaitre314/picklescan/commit/78ce704227c51f070c0c5fb4b466d92c62a7aa3d
Patch
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-655q-fx9r-782v
ExploitVendor Advisory
https://www.sonatype.com/security-advisories/cve-2025-1716