CVE-2025-10156
Published: 17 September 2025
Summary
CVE-2025-10156 is a critical-severity Improper Handling of Exceptional Conditions (CWE-755) vulnerability in Mmaitre314 Picklescan. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify Tools (T1685). The CVE ranks in the top 30.4% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a publicly referenced proof of concept.
The strongest mitigations our analysis identified are NIST 800-53 SI-11 (Error Handling) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-10156 is an Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of the mmaitre314 picklescan tool. The flaw resides in relaxed_zipfile.py and allows a specially crafted ZIP containing a file with an invalid Cyclic Redundancy Check to cause the scanner to halt without examining the archive contents for malicious pickle payloads.
A remote attacker can supply the malformed archive to any application or workflow that relies on picklescan for safety checks. When the file is subsequently deserialized, arbitrary Python code contained in the undetected pickle can execute with the privileges of the loading process.
The associated GitHub Security Advisory GHSA-mjqp-26hc-grxg and the linked source file provide the primary references for understanding the issue and any subsequent fixes.
The vulnerability is relevant to AI/ML environments because picklescan is commonly used to inspect serialized model files distributed through repositories such as Hugging Face. The EPSS score has remained flat at 0.0128, with no material increase since disclosure.
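As an added illustration of the error-handling point above (this is example code, not picklescan's own), a minimal fail-closed ZIP scanner: a member whose CRC does not verify becomes a finding that marks the archive unsafe, rather than an exception that ends the scan, and readable pickle members are walked with pickletools for references into a denylist of modules. DENYLIST_MODULES, dangerous_globals, scan_zip_fail_closed and build_archive are hypothetical names, and the three sample archives are constructed inside the block.

```python
import io, pickle, pickletools, zipfile, zlib

DENYLIST_MODULES = {"os", "posix", "nt", "subprocess", "sys", "builtins"}  # hypothetical list

def dangerous_globals(payload: bytes) -> list:
    """GLOBAL/STACK_GLOBAL references into denylisted modules; malformed pickle is reported, not skipped."""
    found, strings = [], []
    try:
        for op, arg, _ in pickletools.genops(payload):
            if op.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE"):
                strings.append(arg)  # STACK_GLOBAL takes module and name from pushed strings
            elif op.name == "GLOBAL" and arg.split(" ")[0] in DENYLIST_MODULES:
                found.append(arg.replace(" ", "."))
            elif op.name == "STACK_GLOBAL" and len(strings) >= 2 and strings[-2] in DENYLIST_MODULES:
                found.append(f"{strings[-2]}.{strings[-1]}")
    except Exception as exc:  # truncated or non-pickle data: a finding, never a silent pass
        found.append(f"unparseable pickle ({exc})")
    return found

def scan_zip_fail_closed(archive_bytes: bytes) -> dict:
    """Inspect every member; one that cannot be read (e.g. bad CRC) is a finding, not an abort."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            try:
                data = zf.read(info)  # zipfile raises BadZipFile on CRC mismatch
            except (zipfile.BadZipFile, zlib.error, EOFError, RuntimeError) as exc:
                findings.append(f"{info.filename}: {exc}")  # fail closed, keep scanning the rest
                continue
            if data[:1] == b"\x80" or info.filename.endswith((".pkl", ".pickle")):
                findings.extend(f"{info.filename}: {hit}" for hit in dangerous_globals(data))
    # Any finding, including a mere read failure, means safety was not established.
    return {"verdict": "unsafe" if findings else "clean", "findings": findings}

def build_archive(name: str, data: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples: a benign pickle; the same archive with one stored data byte flipped
# (CRC no longer matches); a pickle that only references posix.system, with no REDUCE opcode.
BENIGN = pickle.dumps({"weights": [0.1, 0.2]})
CLEAN_ZIP = build_archive("model.pkl", BENIGN)
_bad = bytearray(CLEAN_ZIP)
_bad[_bad.find(BENIGN) + 2] ^= 0xFF
CORRUPT_ZIP = bytes(_bad)
SUSPICIOUS_ZIP = build_archive("model.pkl", b"cposix\nsystem\n.")
```

The scanner never loads any member; it only reads bytes and walks opcodes, so it can be run on untrusted archives before any pickle.load decision is made.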
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-29708
Vulnerability details
An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file incorrectly considered safe is loaded, it can lead to the execution of malicious code.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Bypasses picklescan's ZIP inspection by triggering a CRC exception (impairing the detection tool), which lets a malicious pickle be loaded undetected and execute Python code.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly remediates the improper exception handling flaw in picklescan's ZIP scanning component via timely patching as specified in the vendor advisory.
- SI-11 (Error Handling): Mandates secure error handling for exceptional conditions such as a bad CRC in a ZIP archive, to prevent a premature scanner halt and ensure full inspection for malicious pickles.
- Input validation: Validates ZIP archive inputs for structural integrity, including CRC checks, prior to scanning, blocking malformed archives that could bypass analysis.