CVE-2025-4905

Exploit

EPSS 0.4%
Veröffentlicht 19.05.2025 01:31:04
Zuletzt bearbeitet 12.06.2025 16:26:43
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

iop-apl-uw basestation3 QC.py load_qc_pickl deserialization

A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Washington ≫ Basestation Version >= 3.0.0 <= 3.0.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.317

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	4.8	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	5.3	1.8	3.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	4.3	3.1	6.4	AV:L/AC:L/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://vuldb.com/?id.309461

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.309461

VDB Entry

Permissions Required

https://vuldb.com/?submit.578074

Third Party Advisory

VDB Entry

https://github.com/iop-apl-uw/basestation3/issues/6

Exploit

Issue Tracking

https://github.com/iop-apl-uw/basestation3/issues/6#event-17672013757

Exploit

Issue Tracking

https://github.com/iop-apl-uw/basestation3/issues/6#issue-3066055868

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-4905

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-4905

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-4905

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-4905