PT-2025-17680 · Unknown · Picklescan

Mmaitre314 · Published 2025-04-07 · Updated 2025-10-01 · CVE-2025-46417

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Picklescan version 0.0.24 and earlier

Description: The issue arises because Picklescan's list of unsafe globals did not include the ssl module, so a pickle that references ssl.get_server_certificate passes the scan and can exfiltrate data via DNS after deserialization.

Recommendations: For Picklescan version 0.0.24 and earlier, update to version 0.0.25 or later to secure your application. As a temporary workaround, consider restricting the use of ssl.get_server_certificate until a patch is applied.
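The weakness behind this advisory is a denylist that enumerates dangerous modules and therefore misses any module it does not name. The following added example (not Picklescan's code) walks a pickle stream with pickletools.genops, extracts every global reference without executing anything, and compares a constructed denylist scan with an allowlist scan. The denylist, the allowlist, and the sample pickles are all constructed for illustration; the STACK_GLOBAL resolution uses the two most recently pushed string constants, which is a simplification of full stack emulation.

```python
import pickle
import pickletools
from collections import OrderedDict

# Constructed denylist in the spirit of a module-enumerating scanner.
# "ssl" is deliberately absent, mirroring the gap described in the advisory.
DENYLIST_MODULES = {"os", "subprocess", "builtins", "socket", "sys"}

# Constructed allowlist: the only globals a hypothetical model format is expected to carry.
ALLOWLIST_GLOBALS = {("collections", "OrderedDict")}

# Opcodes that push a string constant onto the unpickler stack (STACK_GLOBAL operands).
STRING_OPCODES = {
    "SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
    "STRING", "BINSTRING", "SHORT_BINSTRING",
}


def extract_globals(data: bytes) -> list[tuple[str, str]]:
    """Return every (module, name) pair referenced by GLOBAL, INST or
    STACK_GLOBAL opcodes in the stream. Nothing is loaded or imported."""
    found = []
    recent_strings = []  # string constants seen so far, in push order
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            # pickletools renders the operand as "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name in STRING_OPCODES:
            recent_strings.append(arg)
        elif opcode.name == "STACK_GLOBAL":
            if len(recent_strings) < 2:
                raise ValueError("STACK_GLOBAL without two preceding string operands")
            found.append((recent_strings[-2], recent_strings[-1]))
    return found


def scan_denylist(data: bytes) -> list[tuple[str, str]]:
    """Flag only globals whose module appears on the denylist."""
    return [g for g in extract_globals(data) if g[0] in DENYLIST_MODULES]


def scan_allowlist(data: bytes) -> list[tuple[str, str]]:
    """Flag every global that is not explicitly permitted."""
    return [g for g in extract_globals(data) if g not in ALLOWLIST_GLOBALS]


# Constructed samples (not real model files). Each is a protocol-4 stream whose
# only payload is a GLOBAL reference followed by STOP; loading one would merely
# return the function object, no call is made.
SUSPECT = b"\x80\x04cssl\nget_server_certificate\n."  # the module the denylist misses
OS_REF = b"\x80\x04cos\ngetcwd\n."                     # a module the denylist names
BENIGN = pickle.dumps(OrderedDict(weights=[0.1, 0.2]), protocol=4)


if __name__ == "__main__":
    for label, blob in (("suspect", SUSPECT), ("os_ref", OS_REF), ("benign", BENIGN)):
        print(label, "globals:", extract_globals(blob))
        print("  denylist flags :", scan_denylist(blob))
        print("  allowlist flags:", scan_allowlist(blob))
```

The denylist scan reports nothing for the ssl reference while the allowlist scan flags it; the same allowlist passes the benign OrderedDict sample. For production use, the allowlist should be derived from the loader's real requirements and the stack tracking replaced by a full emulation of the pickle virtual machine, since memo and stack manipulation opcodes can separate the string pushes from the STACK_GLOBAL that consumes them.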

Weakness Enumeration

Incomplete List of Disallowed Inputs

Related Identifiers

CVE-2025-46417
GHSA-4P4H-9GVQ-7XFG
GHSA-93MV-X874-956G
PYSEC-2025-34

Affected Products

Picklescan