PickleScan Security Bypass via Bad CRC in ZIP Archive

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file incorrectly considered safe is loaded, it can lead to the execution of malicious code.

Basic Information

ID CVE-2025-10156

Source JFROG

Published Sep 17, 2025 at 10:41

Affected Product

Vendor mmaitre314

Product picklescan

Affected Versions mmaitre314 picklescan 0

CWE Classification

CWE-755

References

{
    "lastseen": "",
    "description": "An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files.\u00a0When the file incorrectly considered safe is loaded, it can lead to the execution of malicious code.",
    "published": "2025-09-17T10:41:51.737Z",
    "modified": "2025-09-17T10:41:51.737Z",
    "type": "cve",
    "title": "PickleScan Security Bypass via Bad CRC in ZIP Archive",
    "source": "JFROG",
    "references": "https://huggingface.co/jinaai/jina-embeddings-v2-base-en/resolve/main/pytorch_model.bin?download=true\nhttps://huggingface.co/jinaai/jina-embeddings-v2-base-en/tree/main\nhttps://github.com/mmaitre314/picklescan/blob/v0.0.29/src/picklescan/relaxed_zipfile.py#L35\nhttps://github.com/mmaitre314/picklescan/security/advisories/GHSA-mjqp-26hc-grxg",
    "id": "CVE-2025-10156",
    "bulletinFamily": "",
    "cwe": [
        "CWE-755"
    ],
    "cvelist": null,
    "sourceData": "mmaitre314 picklescan 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "picklescan",
    "version": "0",
    "vendor": "mmaitre314",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

PickleScan Security Bypass via Bad CRC in ZIP Archive_CVE-2025-10156