Picklescan version 0.0.31 fixes three vulnerabilities
Security Patch Release
Summary
Picklescan version 0.0.31 now fixes three critical vulnerabilities that let malicious PyTorch models bypass scanning and reach arbitrary code execution. The patch closes the file-extension, ZIP CRC, and unsafe-globals bypass paths. Released on September 9, 2025 after June 29 responsible disclosure, the update reduces supply-chain risk for model-loading workflows.
Timeline
- 03.12.2025 11:30 · 2 articles
Picklescan 0.0.31 release fixes three bypass flaws
Mitigation · Patch Update
Picklescan version 0.0.31 was released on September 9, 2025 to address CVE-2025-10155, CVE-2025-10156, and CVE-2025-10157 after responsible disclosure on June 29, 2025. The update closes file-extension, ZIP CRC, and unsafe-globals bypass paths that could let malicious PyTorch model files evade scanning and reach arbitrary code execution.
- Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code — thehackernews.com — 03.12.2025 11:30
- 03.12.2025 11:30 · 1 article
JFrog discloses three Picklescan CVEs
Initial Disclosure
JFrog disclosed three critical vulnerabilities in Picklescan, the open-source Python pickle scanner used with PyTorch, showing that CVE-2025-10155, CVE-2025-10156, and CVE-2025-10157 could bypass file-extension, ZIP CRC, and unsafe-globals checks and let malicious models execute arbitrary code. The disclosed weaknesses affect scanning of untrusted PyTorch models and create a path for supply-chain abuse through concealed malicious pickle payloads.
- Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code — thehackernews.com — 03.12.2025 11:30
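Both timeline entries above name the same three check categories (file extension, ZIP CRC, unsafe globals) without describing the bypass mechanics. The following is an added example, not picklescan's code and not taken from JFrog's disclosure, showing how a defender-side model-file scanner can implement each category by content: the container format is decided from the leading bytes rather than the file name, every ZIP member's CRC-32 is verified before the member is trusted, and the globals a pickle references are enumerated by walking opcodes (never by loading) and compared against an allowlist. The allowlist, the member name `model/data.pkl`, the finding messages and the sample files built by `build_samples()` are all constructed for this example.

```python
"""Added example (not picklescan's code): three content-based checks for model files.
The allowlist, sample files and messages below are constructed for illustration."""
import collections
import io
import math
import pickle
import pickletools
import zipfile

ZIP_MAGIC = b"PK\x03\x04"    # local-file-header signature that opens a ZIP archive
PICKLE_PROTO = b"\x80"       # PROTO opcode that opens every protocol >= 2 pickle

# Globals the loader is willing to resolve. Constructed for this example; a real
# scanner would derive the list from the framework's own serialisable types.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """(module, name) pairs a pickle references, found by walking opcodes, never by loading."""
    found, recent = [], []   # `recent` tracks string operands consumed by STACK_GLOBAL
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            recent.append(arg)
        elif opcode.name in ("GLOBAL", "INST"):       # protocols 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":           # protocol 4+: module and name are the
            if len(recent) < 2:                       # two strings the standard pickler
                raise ValueError("STACK_GLOBAL without module/name operands")  # pushed last
            found.append((recent[-2], recent[-1]))
    return found


def detect_container(data: bytes) -> str:
    """Classify a file by its leading bytes; the file name is deliberately not consulted."""
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.startswith(PICKLE_PROTO):
        return "pickle"
    return "unknown"


def _global_findings(label: str, data: bytes) -> list[str]:
    try:
        refs = referenced_globals(data)
    except Exception as exc:   # genops raises ValueError and friends on malformed input
        return [f"{label}: not a parseable pickle ({type(exc).__name__})"]
    return [f"{label}: global {m}.{n} not on allowlist"
            for m, n in refs if (m, n) not in ALLOWED_GLOBALS]


def scan_model_file(data: bytes, filename: str) -> list[str]:
    """Findings for one model file; an empty list means nothing was flagged.
    `filename` is reporting context only: a pickle renamed to .pt is still a pickle."""
    kind = detect_container(data)
    if kind == "pickle":
        return _global_findings(filename, data)
    if kind != "zip":
        return [f"{filename}: unrecognised container; refusing to load"]
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                try:
                    member = zf.read(info.filename)   # raises BadZipFile on CRC-32 mismatch
                except zipfile.BadZipFile as exc:
                    findings.append(f"{info.filename}: {exc}")
                    continue
                if member.startswith(PICKLE_PROTO) or info.filename.endswith(".pkl"):
                    findings.extend(_global_findings(info.filename, member))
    except zipfile.BadZipFile as exc:
        findings.append(f"{filename}: {exc}")
    return findings


def build_samples() -> dict[str, bytes]:
    """Constructed inputs: a benign archive, one referencing a non-allowlisted global,
    one with a CRC mismatch, and bare pickles. math.sqrt is harmless and only stands
    in for 'a global the loader did not approve'."""
    benign_pickle = pickle.dumps(collections.OrderedDict(weights=[1.0, 2.0]))
    foreign_pickle = pickle.dumps(math.sqrt)

    def make_zip(member: bytes) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
            zf.writestr("model/data.pkl", member)
        return buf.getvalue()

    benign_zip = make_zip(benign_pickle)
    # Flip one byte inside the stored member so its recorded CRC-32 no longer matches.
    i = benign_zip.index(benign_pickle) + 2
    corrupted_zip = benign_zip[:i] + bytes([benign_zip[i] ^ 0xFF]) + benign_zip[i + 1:]
    return {
        "benign_zip": benign_zip,
        "foreign_zip": make_zip(foreign_pickle),
        "corrupted_zip": corrupted_zip,
        "foreign_pickle": foreign_pickle,
        "foreign_pickle_p2": pickle.dumps(math.sqrt, protocol=2),
    }


if __name__ == "__main__":
    for label, blob in build_samples().items():
        print(label, scan_model_file(blob, "model.pt") or "clean")
```

Walking the opcode stream with `pickletools.genops` is what makes this a scanner rather than a loader: no callable named in the stream is ever resolved or invoked. The STACK_GLOBAL handling relies on the operand order the standard pickler emits (module string, then name string, then the opcode); a stream that fetches those strings back out of the memo instead would need memo tracking as well, which is the kind of corner a production scanner has to cover.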