PT-2025-21874 · Unknown · Iop-Apl-Uw Basestation3

Esharmaji · Published 2025-05-19 · Updated 2025-06-12 · CVE-2025-4905

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: iop-apl-uw basestation3 versions 3.0.4 and earlier
Description: A problem was found in the load_qc_pickl function of the file basestation3/QC.py, which deserializes untrusted data when the qc_file argument is manipulated. The attack must be carried out locally. The exploit has been made public and may be used. Although the code maintainer has tagged the issue as closed, there is no new confirmation or release available in the GitHub repository yet.
Recommendations: For iop-apl-uw basestation3 versions 3.0.4 and earlier, as a temporary workaround, consider disabling the load_qc_pickl function until a patch is available. Restrict access to the basestation3/QC.py file to minimize the risk of exploitation. Avoid using the qc_file argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
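
A defensive sketch for this class of bug, added here as an example and not taken from basestation3 or its maintainers: a restricted unpickler that refuses every global lookup not on an allowlist, so a QC file can carry data but cannot name callables. The names safe_load_qc, check and ALLOWED_GLOBALS are hypothetical, and the assumption that the QC file holds only plain containers and numbers is not stated on this page.

```python
import io
import pickle

# Assumption: the QC data is plain containers and numbers, so no global
# lookups are needed. Extend this set only with names you have audited.
ALLOWED_GLOBALS = frozenset()  # e.g. {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load_qc(data: bytes):
    """Hypothetical replacement for a bare pickle.load() on the QC file."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def check(data: bytes):
    """Return ("ok", obj) or ("blocked", reason) for a pickle byte string."""
    try:
        return "ok", safe_load_qc(data)
    except pickle.UnpicklingError as exc:
        return "blocked", str(exc)


# Constructed samples: plain QC-like data, and a pickle that references a
# global (a harmless one here) the way an untrusted file could.
PLAIN = pickle.dumps({"depth": [1.0, 2.5], "qc_flags": [0, 0, 3]})
WITH_GLOBAL = pickle.dumps({"callback": len})

if __name__ == "__main__":
    print(check(PLAIN))
    print(check(WITH_GLOBAL))
```

A format that carries no code references at all (JSON, or NumPy's .npy/.npz loaded with allow_pickle=False) removes the need for an allowlist.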

Exploit

Deserialization of Untrusted Data

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-4905

Affected Products

Iop-Apl-Uw Basestation3