CVE-2025-10155— PickleScan Security Bypass Using Misleading File Extension
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-10155
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PickleScan Security Bypass Using Misleading File Extension
Source: NVD (National Vulnerability Database)
Vulnerability Description
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly considered safe is loaded, it can lead to the execution of malicious code.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
picklescan 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
picklescan是Matthieu Maitre个人开发者的一个安全扫描程序。 picklescan 0.0.30及之前版本存在输入验证错误漏洞,该漏洞源于扫描逻辑中存在输入验证不当,可能导致远程攻击者通过提供带有PyTorch相关文件扩展名的标准pickle文件绕过安全检查,从而执行恶意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| mmaitre314 | picklescan | 0 ~ 0.0.30 | - |
II. Public POCs for CVE-2025-10155
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-10155
Please Login to view more intelligence information
Same Patch Batch · mmaitre314 · 2025-09-17 · 3 CVEs total
| CVE-2025-10156 | PickleScan Security Bypass via Bad CRC in ZIP Archive | |
| CVE-2025-10157 | PickleScan Bypasses Unsafe Globals Check Using Submodule Imports |
IV. Related Vulnerabilities
Same product: picklescan
- CVE-2025-10157
PickleScan Bypasses Unsafe Globals Check Using Submodule Imp - CVE-2025-10156
PickleScan Security Bypass via Bad CRC in ZIP Archive - CVE-2025-46417
picklescan 安全漏洞 - CVE-2025-1945
picklescan - Zip Flag Bit Exploit Crashes Picklescan But Not - CVE-2025-1944
picklescan ZIP archive manipulation attack leads to crash
Same vendor: mmaitre314
- CVE-2025-10157
PickleScan Bypasses Unsafe Globals Check Using Submodule Imp - CVE-2025-10156
PickleScan Security Bypass via Bad CRC in ZIP Archive - CVE-2025-1945
picklescan - Zip Flag Bit Exploit Crashes Picklescan But Not - CVE-2025-1944
picklescan ZIP archive manipulation attack leads to crash - CVE-2025-1889
picklescan - Security scanning bypass via non-standard file
Same weakness: CWE-20
V. Comments for CVE-2025-10155
No comments yet