CVE-2025-5175 MEDIUM

CVE-2025-5175: erdogant pypickle pypickle.py save improper authorization

Vendor Erdogant

Product pypickle

Weakness CWE-285

Published May 26, 2025

Last update May 28, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. This affects the function Save of the file pypickle/pypickle.py. The manipulation leads to improper authorization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is named 14b4cae704a0bb4eb6723e238f25382d847a1917. It is recommended to upgrade the affected component.

Key dates

02Disclosure timeline

May 26, 2025 CVE published

May 28, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-5175 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

Identifiers

CVE CVE-2025-5175

CWE CWE-285

CVSS 4.8 / MEDIUM

Affected versions

Vendor Erdogant

Product pypickle

Affected 1.1.0

Vendor Erdogant

Product pypickle

Affected 1.1.1

Vendor Erdogant

Product pypickle

Affected 1.1.2

Vendor Erdogant

Product pypickle

Affected 1.1.3

Vendor Erdogant

Product pypickle

Affected 1.1.4

Vendor Erdogant

Product pypickle

Affected 1.1.5

CVE-2025-5175: erdogant pypickle pypickle.py save improper authorization

01Description

02Disclosure timeline

03References

04Related CVE