CVE-2025-10156

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-10156
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-10156.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-10156
Aliases
Published
2025-09-17T11:15:32.020Z
Modified
2026-04-10T05:21:04.239641Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file incorrectly considered safe is loaded, it can lead to the execution of malicious code.

References

Affected packages

Git / github.com/mmaitre314/picklescan

Affected ranges

Type
GIT
Repo
https://github.com/mmaitre314/picklescan
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
28a7b4ef753466572bda3313737116eeb9b4e5c5
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.0.31"
        }
    ]
}

Affected versions

v0.*
v0.0.10
v0.0.11
v0.0.12
v0.0.13
v0.0.14
v0.0.15
v0.0.17
v0.0.18
v0.0.19
v0.0.2
v0.0.20
v0.0.21
v0.0.22
v0.0.23
v0.0.24
v0.0.25
v0.0.26
v0.0.27
v0.0.28
v0.0.29
v0.0.3
v0.0.30
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-10156.json"