PT-2025-8707 · Pypi+1 · Pip+1

Madgetr · Published 2025-02-26 · Updated 2025-09-30 · CVE-2025-1716

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: picklescan versions prior to 0.0.21

Description: The issue allows an attacker to craft a malicious model that uses Pickle to pull in a malicious PyPI package via pip.main(). This is possible because picklescan does not treat 'pip' as an unsafe global, so the model passes the scanner's checks and is reported as safe even though it is not.

Recommendations: For picklescan versions prior to 0.0.21, update to version 0.0.21 or later to resolve the issue. As a temporary workaround, consider restricting the use of the pip.main() function to minimize the risk of exploitation.
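The weakness described above is a blocklist that omits a module, so a pickle referencing pip.main() passes. The following added example (not picklescan's code, and not part of the advisory) tokenises a pickle with pickletools.genops, which parses opcodes without executing anything, and contrasts a blocklist check that misses 'pip' with one that includes it and with an allowlist check; the samples, blocklists and ALLOWLIST set are constructed for the demonstration.

```python
import collections
import pickle
import pickletools

# Constructed sample: a protocol-0 pickle whose only opcode of interest is a
# GLOBAL reference to pip.main (no REDUCE follows, so nothing is invoked).
# It is parsed by the scanner below and never handed to pickle.load().
SUSPECT_PICKLE = b"cpip\nmain\n."

# Constructed benign sample: plain "weights"-style data as a protocol-4 pickle,
# which references collections.OrderedDict through STACK_GLOBAL.
BENIGN_PICKLE = pickle.dumps(collections.OrderedDict([("w", 1.0)]), protocol=4)

# Blocklist as described in the advisory: a module not on the list passes.
BLOCKLIST_WITHOUT_PIP = {"os", "subprocess", "builtins", "sys"}
BLOCKLIST_WITH_PIP = BLOCKLIST_WITHOUT_PIP | {"pip"}

# Allowlist alternative (hypothetical set): only modules a weights file needs.
ALLOWLIST = {"collections", "torch", "torch._utils", "numpy", "numpy.core.multiarray"}


def referenced_globals(data: bytes) -> list:
    """Return (module, name) pairs for every GLOBAL / STACK_GLOBAL opcode.

    pickletools.genops only tokenises the stream, so scanning cannot trigger
    the callables the pickle refers to. The string stack kept for STACK_GLOBAL
    is a simplification: it records the strings pushed so far, and protocol 4
    pickles push the module and qualified name right before STACK_GLOBAL.
    """
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":  # protocols 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE"):
            strings.append(arg)
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            name, module = strings.pop(), strings.pop()
            found.append((module, name))
    return found


def scan_blocklist(data: bytes, blocklist: set) -> list:
    """Flag a global only when its top-level module is blocklisted."""
    return [f"{m}.{n}" for m, n in referenced_globals(data)
            if m.split(".")[0] in blocklist]


def scan_allowlist(data: bytes, allowlist: set) -> list:
    """Flag every global whose module is not explicitly trusted."""
    return [f"{m}.{n}" for m, n in referenced_globals(data) if m not in allowlist]
```

With the blocklist that lacks 'pip' the suspect pickle scans clean, while the extended blocklist and the allowlist both report pip.main; the benign pickle is clean under all three.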

Exploit · Fix

Weakness Enumeration

Incomplete List of Disallowed Inputs
Related Identifiers

CVE-2025-1716
GHSA-655Q-FX9R-782V
GHSA-769V-P64C-89PR
GHSA-VR75-HJH9-7FR6
PYSEC-2025-18
PYSEC-2025-19

Affected Products

Picklescan
Pip