CVE-2025-10157
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-11-13

Assigner: JFrog

Description
A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via submodules of dangerous packages (e.g., 'asyncio.unix_events' instead of 'asyncio'). When the incorrectly considered safe file is loaded after scan, it can lead to the execution of malicious code.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-11-13
Generated
2026-06-16
AI Q&A
2025-09-17
EPSS Evaluated
2026-06-14
NVD
CVE-2025-10157
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mmaitre314 picklescan to 0.0.31 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Protection Mechanism Failure in the mmaitre314 picklescan tool (versions up to 0.0.30) that allows a remote attacker to bypass the unsafe globals check. The scanner only performs an exact match for module names, so an attacker can exploit this by using submodules of dangerous packages (for example, 'asyncio.unix_events' instead of 'asyncio'). This causes the scanner to incorrectly consider a malicious file as safe, which when loaded after scanning, can lead to execution of malicious code.

Impact Analysis

This vulnerability can allow an attacker to execute malicious code remotely by bypassing the safety checks of the picklescan scanner. This could lead to unauthorized code execution on your system, potentially compromising system integrity, confidentiality, and availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10157. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart