{"data":{"id":"f3b2f048-bd55-4fea-bea3-27e4a7d71223","title":"CVE-2025-1944: picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to e","summary":"picklescan before version 0.0.23 has a vulnerability where an attacker can manipulate a ZIP archive (a compressed file format) by changing an entry's filename in its local file header while keeping the original filename in the central directory. Because the two names disagree, picklescan crashes with a BadZipFile error when trying to scan PyTorch model files (machine learning models), but PyTorch's more forgiving ZIP handler still loads the model anyway, allowing malicious code to bypass the security scanner.","solution":"Upgrade picklescan to version 0.0.23 or later. The patch is available at https://github.com/mmaitre314/picklescan/commit/e58e45e0d9e091159c1554f9b04828bbb40b9781.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-1944","publishedAt":"2025-03-10T16:15:10.967Z","cveId":"CVE-2025-1944","cweIds":["CWE-345"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["model_theft"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["PyTorch"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00135,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}