CVE-2025-10156 · CRITICAL 9.8 · EPSS p69.5%

CVE-2025-10156

Description

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file incorrectly considered safe is loaded, it can lead to the execution of malicious code.
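The fail-closed handling that CWE-755 calls for, as an added example that is not picklescan's code: a constructed single-member ZIP whose stored CRC-32 has been flipped is reported as unsafe (the unreadable member is itself a finding) instead of aborting the scan and letting the archive pass as clean. The denylist, the `build_zip` fixture and the small GLOBAL/STACK_GLOBAL check are assumptions standing in for the real scanner's import analysis.

```python
import io
import pickletools
import zipfile

# Assumed denylist standing in for picklescan's much longer one.
UNSAFE_MODULES = {"builtins", "__builtin__", "os", "subprocess", "sys"}

def build_zip(name: str, payload: bytes, corrupt_crc: bool = False) -> bytes:
    """Single-member STORED ZIP built in memory (constructed test fixture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    data = bytearray(buf.getvalue())
    if corrupt_crc:  # flip the CRC-32 in the local header (+14) and central entry (+16)
        for sig, off in ((b"PK\x03\x04", 14), (b"PK\x01\x02", 16)):
            pos = data.find(sig) + off
            data[pos:pos + 4] = bytes(b ^ 0xFF for b in data[pos:pos + 4])
    return bytes(data)

def unsafe_globals(blob: bytes) -> list[str]:
    """'module.name' for each GLOBAL/STACK_GLOBAL importing from a denylisted module."""
    hits, strings = [], []
    for op, arg, _ in pickletools.genops(blob):
        if op.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE"):
            strings.append(arg)  # STACK_GLOBAL pops module and name from these
            continue
        module = name = None
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            module, name = strings[-2], strings[-1]
        if module in UNSAFE_MODULES:
            hits.append(f"{module}.{name}")
    return hits

def scan_archive(data: bytes) -> dict:
    """Fail-closed scan: an unreadable member is a finding, not a reason to stop."""
    report = {"unsafe": False, "reasons": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:  # a broken directory raises: fail closed
        for info in zf.infolist():
            try:
                hits = unsafe_globals(zf.read(info))  # read() raises on CRC mismatch
            except zipfile.BadZipFile as exc:
                hits = [f"unreadable member: {exc}"]
            except ValueError:
                hits = []  # not a pickle stream at all
            for hit in hits:
                report["unsafe"] = True
                report["reasons"].append(f"{info.filename}: {hit}")
    return report
```

A caller should treat an exception escaping `scan_archive` the same way as `unsafe: True`; only a report with no reasons means the archive was fully read and checked.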

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.43% probability of exploitation · percentile 69.5% · 2026-06-19T12:03:05Z
Published: 2025-09-17
Last modified: 2025-10-02

Underlying weaknesses · 1

CWE-755 (Improper Handling of Exceptional Conditions)

References

  1. https://github.com/mmaitre314/picklescan/blob/v0.0.29/src/picklescan/relaxed_zipfile.py#L35
  2. https://github.com/mmaitre314/picklescan/security/advisories/GHSA-mjqp-26hc-grxg
  3. https://huggingface.co/jinaai/jina-embeddings-v2-base-en/resolve/main/pytorch_model.bin?download=true
  4. https://huggingface.co/jinaai/jina-embeddings-v2-base-en/tree/main


Type      Target                                                 Confidence  Tier
Weakness  Improper Handling of Exceptional Conditions (cwe-755)  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-1945
  2. CVE-2025-1889
  3. CVE-2026-5121
  4. CVE-2025-47372
  5. CVE-2025-3486
  6. CVE-2025-12556

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.