CVE-2025-10156

Name of the Vulnerable Software and Affected Versions mmaitre314 picklescan (affected versions not specified)

Description An Improper Handling of Exceptional Conditions vulnerability exists in the ZIP archive scanning component of mmaitre314 picklescan. This allows a remote attacker to bypass security scans by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC). When the file is incorrectly considered safe, it can lead to the execution of malicious code. The scanner halts and fails to analyze the contents for malicious pickle files when encountering a file with a bad CRC. This discrepancy between Picklescan and PyTorch's handling of CRC checks allows attackers to potentially hide malicious pickle payloads within ZIP archives that PyTorch might still be able to load. The issue occurs because Picklescan does not attempt to scan files within the archive when a bad CRC is detected, while PyTorch may bypass CRC checks in certain configurations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.