QwikSec

Security Database

CVE

CWE

Training

CVE-2025-1716

Published: Feb 26, 2025

Modified: Dec 29, 2025

PUBLISHED

Description

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a restricted global, the model, when scanned with picklescan, would pass security checks and appear to be safe, when it could instead prove to be problematic.

Vendor	Product	Versions
mmaitre314	picklescan	affected `0.0.1 - <= 0.0.20`

Weaknesses (CWE)

References

https://www.sonatype.com/security-advisories/cve-2025-1716

third-party-advisory

https://github.com/mmaitre314/picklescan/commit/78ce704227c51f070c0c5fb4b466d92c62a7aa3d

patch

https://github.com/mmaitre314/picklescan/security/advisories/GHSA-655q-fx9r-782v

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.