CVE-2025-4905

Source
https://cve.org/CVERecord?id=CVE-2025-4905
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4905.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-4905
Published
2025-05-19T01:31:04.562Z
Modified
2026-07-15T01:49:16.870640750Z
Severity
  • 4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
iop-apl-uw basestation3 QC.py load_qc_pickl deserialization
Details

A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function loadqcpickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far.

Database specific
{
    "cwe_ids": [
        "CWE-20",
        "CWE-502"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/4xxx/CVE-2025-4905.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/iop-apl-uw/basestation3

Affected ranges

Type
GIT
Repo
https://github.com/iop-apl-uw/basestation3
Events
Database specific
{
    "cpe": "cpe:2.3:a:washington:basestation:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.0.0"
        },
        {
            "last_affected": "3.0.0"
        },
        {
            "introduced": "3.0.1"
        },
        {
            "last_affected": "3.0.1"
        },
        {
            "introduced": "3.0.2"
        },
        {
            "last_affected": "3.0.2"
        },
        {
            "introduced": "3.0.3"
        },
        {
            "last_affected": "3.0.3"
        },
        {
            "introduced": "3.0.4"
        },
        {
            "last_affected": "3.0.4"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4905.json"