picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being successfully loaded by PyTorch's torch.load(). This can lead to arbitrary code execution when loading a compromised model.
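The failure mode described above is a scanner that trusts Python's zipfile to be at least as strict as the loader: if zipfile refuses a member, a scanner that swallows the error and moves on returns "clean" for a pickle it never looked at. The following is an added example, written for this page and not picklescan's or PyTorch's own code. It builds a minimal PyTorch-style archive in memory, sets general-purpose flag bit 0 (the "encrypted" flag) in the ZIP headers, and contrasts a naive scanner with a fail-closed one. Which flag bit the real CVE-2025-1945 report toggled is not stated on this page; bit 0 is an illustrative choice that makes zipfile refuse the member without changing its bytes. The `raw_member_bytes` helper that reads the member regardless of flags stands in for a loader more permissive than zipfile and is not torch's reader; all payloads, module deny list, and file names are constructed for the example.

```python
import io
import pickle
import pickletools
import struct
import zipfile
import zlib

# Constructed payload: a protocol-0 pickle that would call os.system("echo pwned")
# if unpickled. This script only inspects bytes; nothing here is ever unpickled.
MALICIOUS_PICKLE = b"cos\nsystem\n(S'echo pwned'\ntR."
BENIGN_PICKLE = pickle.dumps({"weight": [1, 2, 3]})  # constructed stand-in for weights

DANGEROUS_MODULES = {"os", "subprocess", "builtins", "sys", "socket"}  # illustrative deny list
SUSPICIOUS_FLAG_MASK = 0x0001 | 0x0040  # bit 0 "encrypted", bit 6 "strong encryption"


def build_model_archive(pickle_bytes, flip_encrypted_bit=False):
    """Minimal PyTorch-style zip with one archive/data.pkl member, built in memory.
    flip_encrypted_bit sets flag bit 0 in both the local header and the central
    directory entry (illustrative bit; not a claim about the real report)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("archive/data.pkl", pickle_bytes)
    data = bytearray(buf.getvalue())
    if flip_encrypted_bit:
        lh = data.find(b"PK\x03\x04")  # local file header: flags at +6
        cd = data.find(b"PK\x01\x02")  # central directory entry: flags at +8
        data[lh + 6] |= 0x01
        data[cd + 8] |= 0x01
    return bytes(data)


def dangerous_globals(pickle_bytes):
    """Walk the opcode stream and return (module, name) for GLOBAL/STACK_GLOBAL
    references into deny-listed modules. STACK_GLOBAL is resolved from the two
    most recent string pushes, which is an approximation, not a full VM."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(pickle_bytes):
        if op.name == "GLOBAL":
            mod, name = arg.split(" ", 1)
            if mod in DANGEROUS_MODULES:
                found.append((mod, name))
        elif op.name in ("STRING", "BINSTRING", "SHORT_BINSTRING",
                         "UNICODE", "BINUNICODE", "SHORT_BINUNICODE"):
            strings.append(arg)
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            if strings[-2] in DANGEROUS_MODULES:
                found.append((strings[-2], strings[-1]))
    return found


def raw_member_bytes(archive_bytes, info):
    """Read a member from its local header while ignoring flag bits. Stands in for a
    loader more permissive than zipfile (not torch's reader). Sizes are taken from the
    central directory entry so a data-descriptor member (bit 3) also works."""
    off = info.header_offset
    sig, _ver, _flags, comp, _t, _d, _crc, _cs, _us, nlen, xlen = struct.unpack(
        "<4sHHHHHIIIHH", archive_bytes[off:off + 30])
    if sig != b"PK\x03\x04":
        raise ValueError("bad local header signature")
    start = off + 30 + nlen + xlen
    raw = archive_bytes[start:start + info.compress_size]
    if comp == zipfile.ZIP_STORED:
        return raw
    if comp == zipfile.ZIP_DEFLATED:
        return zlib.decompress(raw, -15)
    raise ValueError(f"unsupported compression method {comp}")


def naive_scan(archive_bytes):
    """The failure mode: a member zipfile refuses to read is skipped silently,
    so 'clean' is returned for a pickle that was never inspected."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".pkl"):
                continue
            try:
                payload = zf.read(name)
            except Exception:
                continue  # the bug: unreadable is treated as harmless
            findings += dangerous_globals(payload)
    return "malicious" if findings else "clean"


def hardened_scan(archive_bytes):
    """Fail closed: odd flag bits and unreadable members are findings on their own,
    and the member is still scanned via the raw reader so the bytes a tolerant
    loader would consume are the bytes that get inspected."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.flag_bits & SUSPICIOUS_FLAG_MASK:
                findings.append(("zip-flags", info.filename, hex(info.flag_bits)))
            if not info.filename.endswith(".pkl"):
                continue
            try:
                payload = zf.read(info.filename)
            except Exception as exc:
                findings.append(("unreadable", info.filename, type(exc).__name__))
                payload = raw_member_bytes(archive_bytes, info)
            findings += [("global", info.filename, f"{m}.{n}")
                         for m, n in dangerous_globals(payload)]
    return ("malicious" if findings else "clean"), findings
```

Calling `naive_scan(build_model_archive(MALICIOUS_PICKLE, flip_encrypted_bit=True))` returns "clean" because zipfile raises on the flagged member and the error is swallowed, while `hardened_scan` on the same bytes reports the flag anomaly, the read failure, and the `os.system` global it recovers through the raw reader. The general lesson is the check a practitioner wants from any pickle scanner: parse the container the way the loader does, and treat "could not inspect" as a finding rather than as absence of evidence.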

References
| Link | Resource |
|---|---|
| https://github.com/mmaitre314/picklescan/commit/e58e45e0d9e091159c1554f9b04828bbb40b9781 | Patch |
| https://github.com/mmaitre314/picklescan/security/advisories/GHSA-w8jq-xcqf-f792 | Exploit, Vendor Advisory |
| https://sites.google.com/sonatype.com/vulnerabilities/cve-2025-1945 | Exploit, Third Party Advisory |
Configurations
History
19 Mar 2025, 16:14
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | | v2 : unknown, v3 : 9.8 |
| First Time | | Mmaitre314 picklescan; Mmaitre314 |
| Summary | | |
| References | | https://github.com/mmaitre314/picklescan/commit/e58e45e0d9e091159c1554f9b04828bbb40b9781 - Patch |
| References | | https://github.com/mmaitre314/picklescan/security/advisories/GHSA-w8jq-xcqf-f792 - Exploit, Vendor Advisory |
| References | | https://sites.google.com/sonatype.com/vulnerabilities/cve-2025-1945 - Exploit, Third Party Advisory |
| CPE | | cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:* |
| CWE | | NVD-CWE-noinfo |
10 Mar 2025, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2025-03-10 12:15
Updated : 2025-03-19 16:14
NVD link : CVE-2025-1945
Mitre link : CVE-2025-1945
CVE.ORG link : CVE-2025-1945
Products Affected
mmaitre314
- picklescan
CWE
NVD-CWE-noinfo