
Picklescan scan-bypass vulnerabilities (CVE-2025-10155)

Vulnerability
H score 19
1 unique source, 1 article

Summary


Three critical Picklescan bypass flaws let malicious PyTorch models evade scanning and can lead to arbitrary code execution, with Picklescan 0.0.31 released to address them.

Timeline

  1. 03.12.2025 11:30 1 article · 5mo ago

    Responsible disclosure of Picklescan bypass flaws

    Initial Disclosure

    The three Picklescan bypass vulnerabilities were responsibly disclosed on June 29, 2025, which started remediation of the open-source scanner. Picklescan parses Python pickle files and detects suspicious imports or function calls before execution.

  2. 03.12.2025 11:30 1 article · 5mo ago

    Picklescan 0.0.31 fixes the bypass flaws

    Mitigation Patch Update

    Picklescan version 0.0.31 was released on September 9, 2025 to address the three bypass vulnerabilities affecting untrusted PyTorch models. It closes the file-extension bypass, the CRC-based ZIP scanning bypass, and the unsafe globals check bypass.

  3. 03.12.2025 11:30 2 articles · 5mo ago

    JFrog discloses Picklescan scan-bypass vulnerabilities

    Technical Analysis Update

    JFrog disclosed three critical flaws in Picklescan, tracked as CVE-2025-10155, CVE-2025-10156, and CVE-2025-10157, showing that malicious actors could bypass file-extension checks, disable ZIP archive scanning with CRC errors, or undermine the unsafe globals check to execute arbitrary code against untrusted PyTorch models.
