CVE-2025-5174

Exploit

EPSS 0.27%
Veröffentlicht 26.05.2025 07:00:12
Zuletzt bearbeitet 03.06.2025 15:43:36
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

erdogant pypickle pypickle.py load deserialization

A vulnerability was found in erdogant pypickle up to 1.1.5 and classified as problematic. Affected by this issue is the function load of the file pypickle/pypickle.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is identified as 14b4cae704a0bb4eb6723e238f25382d847a1917. It is recommended to upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Erdogant ≫ Pypickle Version < 2.0.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.176

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	4.8	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	5.3	1.8	3.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	4.3	3.1	6.4	AV:L/AC:L/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://vuldb.com/?id.310262

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.310262

VDB Entry

Permissions Required

https://vuldb.com/?submit.579157

Third Party Advisory

VDB Entry

https://github.com/erdogant/pypickle/issues/2

Vendor Advisory

Exploit

Issue Tracking

https://github.com/erdogant/pypickle/issues/2#issuecomment-2889146579

Vendor Advisory

Exploit

Issue Tracking

https://github.com/erdogant/pypickle/commit/14b4cae704a0bb4eb6723e238f25382d847a1917

Patch

https://github.com/erdogant/pypickle/releases/tag/2.0.0

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-5174

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-5174

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-5174

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-5174