CVE-2025-1945 · CRITICAL 9.8 · EPSS percentile 39.5%

Description

picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being successfully loaded by PyTorch's torch.load(). This can lead to arbitrary code execution when loading a compromised model.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.51% probability of exploitation · percentile 39.5% · 2026-06-19T12:03:05Z
Published: 2025-03-10
Last modified: 2025-12-29

Underlying weaknesses (1)

CWE-345

References

  1. https://github.com/mmaitre314/picklescan/commit/e58e45e0d9e091159c1554f9b04828bbb40b9781
  2. https://github.com/mmaitre314/picklescan/security/advisories/GHSA-w8jq-xcqf-f792
  3. https://www.sonatype.com/security-advisories/cve-2025-1945

Type | Target | Confidence | Tier
Weakness (Insufficient Verification of Data Authenticity) | cwe-345 | 0% | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-1889
  2. CVE-2026-24747
  3. CVE-2025-49655
  4. CVE-2026-38950
  5. CVE-2025-1716
  6. CVE-2025-54949
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.