CVE-2025-10156 CRITICAL

CVE-2025-10156: PickleScan Security Bypass via Bad CRC in ZIP Archive

Vendor mmaitre314
Product picklescan
Weakness CWE-755
Published September 17, 2025
Last update September 17, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

Description

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file, incorrectly considered safe, is later loaded, it can lead to the execution of malicious code.
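The failure mode described above, as an added example written for this record rather than picklescan's own code: a minimal pickle scanner that walks opcodes without executing them, run over a constructed ZIP whose member has a deliberately wrong CRC-32. `naive_scan` models the CWE-755 behaviour (the CRC error stops the scan and the caller sees "no findings"); `hardened_scan` fails closed, records the unreadable member as a finding, and still inspects the member bytes by header offset. The pickle payload, the archive, the `DANGEROUS_GLOBALS` set and all function names are constructed for illustration and are not taken from the project.

```python
import io
import pickle
import pickletools
import struct
import zipfile
import zlib

# Constructed input: a protocol-0 pickle that only references os.system via a
# GLOBAL opcode and then stops. It never invokes anything, but a scanner must
# flag the reference. (Not a real payload from the advisory.)
SUSPICIOUS_PICKLE = b"cos\nsystem\n."

# Illustrative subset of (module, name) pairs a scanner would treat as dangerous.
DANGEROUS_GLOBALS = {("os", "system"), ("subprocess", "Popen"), ("builtins", "eval")}


def find_dangerous_globals(data: bytes) -> list:
    """Walk the opcode stream with pickletools (no execution) and return the
    (module, name) pairs resolved by GLOBAL / STACK_GLOBAL that are blacklisted."""
    found, recent_strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":            # arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE"):
            recent_strings.append(arg)         # STACK_GLOBAL pops its two strings
        elif opcode.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            found.append((recent_strings[-2], recent_strings[-1]))
    return [g for g in found if g in DANGEROUS_GLOBALS]


def build_archive_with_bad_crc(member_name: str, payload: bytes) -> bytes:
    """Constructed test input: a stored ZIP whose single member carries a wrong
    CRC-32 in both the local file header and the central directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_STORED) as zf:
        zf.writestr(member_name, payload)
    raw = bytearray(buf.getvalue())
    bogus = struct.pack("<I", 0xDEADBEEF)
    local = raw.index(b"PK\x03\x04")
    raw[local + 14:local + 18] = bogus       # local header: CRC-32 at offset 14
    central = raw.index(b"PK\x01\x02")
    raw[central + 16:central + 20] = bogus   # central directory: CRC-32 at offset 16
    return bytes(raw)


def read_member_ignoring_crc(archive: bytes, info: zipfile.ZipInfo) -> bytes:
    """Pull a member's bytes straight from the archive by header offset, so a
    bad CRC cannot prevent the content from being inspected."""
    off = info.header_offset
    name_len, extra_len = struct.unpack("<HH", archive[off + 26:off + 30])
    start = off + 30 + name_len + extra_len
    raw = archive[start:start + info.compress_size]
    if info.compress_type == zipfile.ZIP_DEFLATED:
        return zlib.decompressobj(-15).decompress(raw)
    return raw


def naive_scan(archive: bytes) -> dict:
    """Models the vulnerable behaviour: the first BadZipFile halts the scan and
    the archive is reported with no findings, i.e. as 'safe'."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(archive)) as zf:
            for info in zf.infolist():
                findings.extend(find_dangerous_globals(zf.read(info)))
    except zipfile.BadZipFile:
        pass  # scan aborted; caller only sees an empty findings list
    return {"findings": findings, "verdict": "unsafe" if findings else "safe"}


def hardened_scan(archive: bytes) -> dict:
    """Fail closed: an unreadable member is itself a finding, its bytes are
    still inspected, and the remaining members are still scanned."""
    findings, errors = [], []
    try:
        zf = zipfile.ZipFile(io.BytesIO(archive))
    except zipfile.BadZipFile as exc:
        return {"findings": [], "errors": [f"archive: {exc}"], "verdict": "unsafe"}
    with zf:
        for info in zf.infolist():
            try:
                data = zf.read(info)
            except zipfile.BadZipFile as exc:
                errors.append(f"{info.filename}: {exc}")
                data = read_member_ignoring_crc(archive, info)
            try:
                findings.extend(find_dangerous_globals(data))
            except ValueError as exc:  # truncated or malformed pickle stream
                errors.append(f"{info.filename}: unparseable pickle ({exc})")
    verdict = "unsafe" if findings or errors else "safe"
    return {"findings": findings, "errors": errors, "verdict": verdict}


def build_clean_archive() -> bytes:
    """Constructed benign archive: a plain dict pickled with no globals."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("weights.pkl", pickle.dumps({"w": [1, 2, 3]}))
    return buf.getvalue()


if __name__ == "__main__":
    bad = build_archive_with_bad_crc("model.pkl", SUSPICIOUS_PICKLE)
    print("naive   :", naive_scan(bad))
    print("hardened:", hardened_scan(bad))
    print("clean   :", hardened_scan(build_clean_archive()))
```

The design point is the verdict logic: a scanner that cannot finish reading a member has not established anything about it, so the only defensible result is "unsafe" or "unscannable", never an empty findings list that downstream tooling reads as a pass. Reading by header offset is an extra step that lets the reviewer see what the member actually contains, but the fail-closed verdict alone would already neutralise the bypass.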

Key dates

Disclosure timeline

September 17, 2025 CVE published
September 17, 2025 Record updated

Related vulnerabilities

Related CVE