CVE-2025-1945 in picklescan: Information

Summary

By MITRE • 2025. 03. 10.

picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being successfully loaded by PyTorch's torch.load(). This can lead to arbitrary code execution when loading a compromised model.


Responsible: Sonatype

Reserved: 2025. 03. 04.

Moderation: Accepted

Entry: VDB-299074

EPSS: 0.00871

Source:
