CVE-2025-5175

Exploit

EPSS 0.2%
Veröffentlicht 26.05.2025 07:31:06
Zuletzt bearbeitet 03.06.2025 15:43:45
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

erdogant pypickle pypickle.py save improper authorization

A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. This affects the function Save of the file pypickle/pypickle.py. The manipulation leads to improper authorization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is named 14b4cae704a0bb4eb6723e238f25382d847a1917. It is recommended to upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 11

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Erdogant ≫ Pypickle Version < 2.0.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.095

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
cna@vuldb.com	4.8	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	5.3	1.8	3.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	4.3	3.1	6.4	AV:L/AC:L/Au:S/C:P/I:P/A:P

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/erdogant/pypickle/commit/14b4cae704a0bb4eb6723e238f25382d847a1917

Patch

https://github.com/erdogant/pypickle/releases/tag/2.0.0

Release Notes

https://vuldb.com/?id.310263

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.310263

VDB Entry

Permissions Required

https://vuldb.com/?submit.579824

Third Party Advisory

VDB Entry

https://github.com/erdogant/pypickle/issues/3

Vendor Advisory

Exploit

Issue Tracking

https://github.com/erdogant/pypickle/issues/3#issuecomment-2888589652

Vendor Advisory

Exploit

Issue Tracking

https://github.com/erdogant/pypickle/issues/3#issue-3070689116

Vendor Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-5175

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-5175

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-5175

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-5175