{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36986?format=json","vulnerability_id":"VCID-ag3v-g92v-kbde","summary":"picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being successfully loaded by PyTorch's torch.load(). This can lead to arbitrary code execution when loading a compromised model.","aliases":[{"alias":"CVE-2025-1945"},{"alias":"GHSA-w8jq-xcqf-f792"},{"alias":"PYSEC-2025-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44604?format=json","purl":"pkg:pypi/picklescan@0.0.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.23"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44391?format=json","purl":"pkg:pypi/picklescan@0.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/44392?format=json","purl":"pkg:pypi/picklescan@0.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/44393?format=json","purl":"pkg:pypi/picklescan@0.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/44394?format=json","purl":"pkg:pypi/picklescan@0.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/44395?format=json","purl":"pkg:pypi/picklescan@0.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/44396?format=json","purl":"pkg:pypi/picklescan@0.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/44397?format=json","purl":"pkg:pypi/picklescan@0.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/44398?format=json","purl":"pkg:pypi/picklescan@0.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/44399?format=json","purl":"pkg:pypi/picklescan@0.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/44400?format=json","purl":"pkg:pypi/picklescan@0.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/44401?format=json","purl":"pkg:pypi/picklescan@0.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/44402?format=json","purl":"pkg:pypi/picklescan@0.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/44403?format=json","purl":"pkg:pypi/picklescan@0.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/44404?format=json","purl":"pkg:pypi/picklescan@0.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/44405?format=json","purl":"pkg:pypi/picklescan@0.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/44406?format=json","purl":"pkg:pypi/picklescan@0.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/44407?format=json","purl":"pkg:pypi/picklescan@0.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/44408?format=json","purl":"pkg:pypi/picklescan@0.0.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.18"},{"url":"http://public2.vulnerablecode.io/api/packages/44409?format=json","purl":"pkg:pypi/picklescan@0.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.19"},{"url":"http://public2.vulnerablecode.io/api/packages/44410?format=json","purl":"pkg:pypi/picklescan@0.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/44411?format=json","purl":"pkg:pypi/picklescan@0.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-nvvk-8a8j-43gw"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.21"},{"url":"http://public2.vulnerablecode.io/api/packages/44475?format=json","purl":"pkg:pypi/picklescan@0.0.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-ag3v-g92v-kbde"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"},{"vulnerability":"VCID-jfcq-vpg2-pkdn"},{"vulnerability":"VCID-w2h9-74te-tqhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.22"}],"references":[{"reference_url":"https://github.com/mmaitre314/picklescan/commit/e58e45e0d9e091159c1554f9b04828bbb40b9781","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/mmaitre314/picklescan/commit/e58e45e0d9e091159c1554f9b04828bbb40b9781"},{"reference_url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-w8jq-xcqf-f792","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-w8jq-xcqf-f792"},{"reference_url":"https://sites.google.com/sonatype.com/vulnerabilities/cve-2025-1945","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://sites.google.com/sonatype.com/vulnerabilities/cve-2025-1945"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.8 - 9.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ag3v-g92v-kbde"}