Home > Vulnerability Database > CVE-2025-10155

Mend.io Vulnerability Database

CVE-2025-10155

Good to know:

Date: September 17, 2025

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly considered safe is loaded, it can lead to the execution of malicious code.

Severity Score

7.8

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-10155

Url: https://github.com/mmaitre314/picklescan/blob/58983e1c20973ac42f2df7ff15d7c8cd32f9b688/src/picklescan/scanner.py#L463

Url: https://github.com/mmaitre314/picklescan/security/advisories/GHSA-jgw4-cr84-mqxg

Url: https://github.com/mmaitre314/picklescan

Url: https://github.com/mmaitre314/picklescan/commit/28a7b4ef753466572bda3313737116eeb9b4e5c5

Url: https://www.mend.io/vulnerability-database/CVE-2025-10155

Severity Score

7.8

Weakness Type (CWE)

Improper Input Validation

CWE-20

Protection Mechanism Failure

CWE-693

Top Fix

Upgrade Version

Upgrade to version picklescan - 0.0.31

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-10155

Good to know:

Date: September 17, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?