- Description
- A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match on module names, so malicious payloads can be loaded via submodules of dangerous packages (e.g., 'asyncio.unix_events' instead of 'asyncio'). When a file the scanner has wrongly deemed safe is loaded after the scan, it can lead to the execution of malicious code.
- Source
- reefs@jfrog.com
- NVD status
- Analyzed
- Products
- picklescan
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- reefs@jfrog.com
- CWE-693
- Hype score
- Not currently trending
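To illustrate the check the description refers to, here is an added example (not picklescan's own code) contrasting an exact-match denylist with one that also covers submodules of a denied package; the constructed pickle is inspected with pickletools rather than unpickled. The denylist contents, function names and sample bytes are assumptions made for the example.

```python
import pickletools

# Constructed sample denylist; the real scanner's list is larger.
UNSAFE_MODULES = {"os", "subprocess", "builtins", "asyncio"}


def is_unsafe_exact(module: str) -> bool:
    """Flawed check (the CVE-2025-10157 pattern): exact name match only,
    so 'asyncio.unix_events' is not recognised as part of 'asyncio'."""
    return module in UNSAFE_MODULES


def is_unsafe_package(module: str) -> bool:
    """Hardened check: flag the module if it or any parent package is
    denied. Splitting on '.' keeps 'osmium' from matching 'os'."""
    parts = module.split(".")
    return any(".".join(parts[:i]) in UNSAFE_MODULES
               for i in range(1, len(parts) + 1))


def referenced_globals(data: bytes):
    """Return (module, name) pairs for every GLOBAL / STACK_GLOBAL opcode
    without ever unpickling. STACK_GLOBAL handling is an approximation:
    it takes the last two string constants seen before the opcode."""
    seen, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            # pickletools renders the two newline-terminated fields as
            # a single space-separated "module name" string.
            module, name = arg.split(" ", 1)
            seen.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            seen.append((strings[-2], strings[-1]))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE"):
            strings.append(arg)
    return seen


def scan(data: bytes, check=is_unsafe_package):
    """Report the global references a scanner using `check` would flag."""
    return [(m, n) for m, n in referenced_globals(data) if check(m)]


# Constructed protocol-0 pickle with one GLOBAL reference and a
# placeholder attribute name; it is only inspected, never loaded.
SAMPLE = b"casyncio.unix_events\nEXAMPLE_NAME\n."
```

With the exact-match check `scan(SAMPLE, is_unsafe_exact)` returns nothing, while the package-aware check reports the reference.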
CVE-2025-10157 Protection Mechanism Bypass in mmaitre314 picklescan Enabling Arb... https://t.co/uZRDw96lSY Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
17 Sept 2025
[CVE-2025-10157: CRITICAL] Vulnerability in mmaitre314 picklescan 0.0.30 allows attackers to bypass protections by loading malicious payloads via submodules of dangerous packages due to a flawed module name ...#cve,CVE-2025-10157,#cybersecurity https://t.co/JjrFNKcXq8 https://t.c
@CveFindCom
17 Sept 2025
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1ABB08D-CB91-4CA6-9EA3-A77D8B8484E0",
"versionEndExcluding": "0.0.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]