CVE-2025-10157

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via submodules of dangerous packages (e.g., 'asyncio.unix_events' instead of 'asyncio'). When the incorrectly considered safe file is loaded after scan, it can lead to the execution of malicious code.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*

History

02 Oct 2025, 18:59

Type Values Removed Values Added
CPE cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Mmaitre314
Mmaitre314 picklescan
References () https://github.com/mmaitre314/picklescan/blob/2a8383cfeb4158567f9770d86597300c9e508d0f/src/picklescan/scanner.py#L309 - () https://github.com/mmaitre314/picklescan/blob/2a8383cfeb4158567f9770d86597300c9e508d0f/src/picklescan/scanner.py#L309 - Product
References () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-f7qq-56ww-84cr - () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-f7qq-56ww-84cr - Exploit, Vendor Advisory
References () https://huggingface.co/iluem/linux_pkl/resolve/main/asyncio_asyncio_unix_events___UnixSubprocessTransport__start.pkl - () https://huggingface.co/iluem/linux_pkl/resolve/main/asyncio_asyncio_unix_events___UnixSubprocessTransport__start.pkl - Broken Link

17 Sep 2025, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-09-17 12:15

Updated : 2025-10-02 18:59


NVD link : CVE-2025-10157

Mitre link : CVE-2025-10157

CVE.ORG link : CVE-2025-10157


JSON object : View

Products Affected

mmaitre314

  • picklescan
CWE
CWE-693

Protection Mechanism Failure