Description

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file, incorrectly considered safe, is then loaded, it can lead to the execution of malicious code.
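The failure mode described above comes down to what a scanner reports when a member cannot be read. The following is an added example, not picklescan's code or its fix: a fail-closed scan loop built on Python's standard `zipfile`, where `toy_member_scan`, `MARKER` and the sample archive are constructed stand-ins for the real pickle analysis.

```python
import io
import zipfile
import zlib

MARKER = b"CONSTRUCTED-BAD-MARKER"  # constructed stand-in for a real pickle finding

def toy_member_scan(name: str, content: bytes) -> bool:
    """Hypothetical per-member check; a real scanner would analyze pickle opcodes."""
    return MARKER in content

def build_sample_zip(members: dict, corrupt: str = "") -> bytes:
    """Constructed stored (uncompressed) archive; if `corrupt` names a member,
    flip one of its data bytes so the data no longer matches the recorded CRC."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    raw = bytearray(buf.getvalue())
    if corrupt:
        raw[raw.find(members[corrupt])] ^= 0xFF
    return bytes(raw)

def scan_archive(data: bytes, scan_member=toy_member_scan) -> dict:
    """Scan every member; unreadable input yields 'error', never 'clean'."""
    findings, errors = [], []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return {"verdict": "error", "findings": [], "errors": [f"archive: {exc}"]}
    with zf:
        for info in zf.infolist():
            try:
                content = zf.read(info)  # raises BadZipFile on a CRC mismatch
            except (zipfile.BadZipFile, zlib.error, EOFError, OSError,
                    RuntimeError, NotImplementedError) as exc:
                errors.append(f"{info.filename}: {exc}")
                continue  # keep scanning the remaining members
            if scan_member(info.filename, content):
                findings.append(info.filename)
    verdict = "malicious" if findings else "error" if errors else "clean"
    return {"verdict": verdict, "findings": findings, "errors": errors}

if __name__ == "__main__":
    sample = {"m/first.pkl": b"first member bytes", "m/second.pkl": b"x" + MARKER}
    print(scan_archive(build_sample_zip(sample, corrupt="m/first.pkl")))
```

A caller has to treat the `error` verdict as a failed scan (block or quarantine the file), since only `clean` means every member was actually read and analyzed.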

PUBLISHED Reserved 2025-09-09 | Published 2025-09-17 | Updated 2025-09-17 | Assigner JFROG

CRITICAL: 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-755: Improper Handling of Exceptional Conditions

Product status

Default status: unaffected

Any version: affected

Credits

JFrog (finder)

@xdcrev (finder)

References

huggingface.co/...solve/main/pytorch_model.bin?download=true (Proof of Concept (Archive with Bad CRC)) exploit

huggingface.co/jinaai/jina-embeddings-v2-base-en/tree/main (Example of Failing Scan on Hugging Face) exploit

github.com/...blob/v0.0.29/src/picklescan/relaxed_zipfile.py (Vulnerable Code Snippet) related

github.com/...lescan/security/advisories/GHSA-mjqp-26hc-grxg vendor-advisory

cve.org (CVE-2025-10156)

nvd.nist.gov (CVE-2025-10156)