CVE-2025-4905 · CRITICAL 9.8 · EPSS p31.7%

Description

A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. The issue affects the function load_qc_pickl in the file basestation3/QC.py. Manipulation of the argument qc_file leads to deserialization. The attack has to be carried out locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed, but no new commit or release is available in the GitHub repository so far.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.40% probability of exploitation · percentile 31.7% · 2026-06-19T12:03:05Z
Published: 2025-05-19
Last modified: 2025-06-12

Underlying weaknesses · 2

CWE-20, CWE-502

References

  1. https://github.com/iop-apl-uw/basestation3/issues/6
  2. https://github.com/iop-apl-uw/basestation3/issues/6#event-17672013757
  3. https://github.com/iop-apl-uw/basestation3/issues/6#issue-3066055868
  4. https://vuldb.com/?ctiid.309461
  5. https://vuldb.com/?id.309461
  6. https://vuldb.com/?submit.578074

Type | Target | Confidence | Tier
Weakness | Improper Input Validation (cwe-20) | 0% | live
Weakness | Deserialization of Untrusted Data (cwe-502) | 0% | live

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.