CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-1889: picklescan - Security scanning bypass via non-standard file extensions

5.3 CVSS

Description

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle include a malicious pickle file with a non-standard file extension. Because the malicious pickle file inclusion is not considered as part of the scope of picklescan, the file would pass security checks and appear to be safe, when it could instead prove to be problematic.

Classification

CVE ID: CVE-2025-1889

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem Types

CWE-807 Reliance on Untrusted Inputs in a Security Decision

Affected Products

Vendor: mmaitre314

Product: picklescan

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 5.25% (scored less or equal to compared to others)

EPSS Date: 2025-04-01 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1889
https://sites.google.com/sonatype.com/vulnerabilities/cve-2025-1889
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-655q-fx9r-782v

Timeline

2025-03-03 19:40:22 UTC
CVE

picklescan - Security scanning bypass via non-standard file extensions
2025-03-03 20:15:24 UTC
Github Advisory Database (PIP)

[picklescan] PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions
2025-03-03 23:15:24 UTC
Github Advisory Database (PIP)

[picklescan] Duplicate Advisory: Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis