- Description
- An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file incorrectly considered safe is loaded, it can lead to the execution of malicious code.
- Source
- reefs@jfrog.com
- NVD status
- Analyzed
- Products
- picklescan
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- reefs@jfrog.com
- CWE-755
- Hype score
- Not currently trending
CVE-2025-10156 An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass securit… https://t.co/p7URl5GMcT
@CVEnew
17 Sept 2025
234 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-10156: CRITICAL] Vulnerability in mmaitre314 picklescan's ZIP archive scanning allows remote attackers to bypass security scans by crafting a file with a bad CRC, leading to the execution of malici...#cve,CVE-2025-10156,#cybersecurity https://t.co/6uqTzy1ixV https://t.c
@CveFindCom
17 Sept 2025
66 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1ABB08D-CB91-4CA6-9EA3-A77D8B8484E0",
"versionEndExcluding": "0.0.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]