CVE-2025-10156

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to bypass security scans in mmaitre314 picklescan by crafting ZIP archives with bad CRC values. When exploited, malicious pickle files can evade detection and execute arbitrary code. Anyone using picklescan to scan ZIP archives for malicious pickle files is affected.

💻 Affected Systems

Products:
  • mmaitre314 picklescan
Versions: before v0.0.30
Operating Systems: All operating systems where picklescan runs
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using picklescan to scan ZIP archives containing pickle files is vulnerable regardless of configuration.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case: Malicious pickle files bypassing security scans and executing on vulnerable systems, potentially leading to malware installation or data exfiltration.

🟢 If Mitigated: Scanning bypass prevented, but system remains vulnerable to other attack vectors; no code execution occurs.

🌐 Internet-Facing: HIGH - Attackers can craft malicious ZIP archives and deliver them via web applications, email attachments, or downloads.
🏢 Internal Only: MEDIUM - Risk exists if internal users process untrusted ZIP files, but attack surface is smaller than internet-facing systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept is available in the GitHub advisory. Crafting malicious ZIP archives with bad CRC values is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.0.30

Vendor Advisory: https://github.com/mmaitre314/picklescan/security/advisories/GHSA-mjqp-26hc-grxg

Restart Required: No

Instructions:

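1. Update picklescan to version v0.0.30 or later.
2. Run: pip install --upgrade "picklescan>=0.0.30"

The quotes are required: without them the shell treats >= as an output redirection and pip receives no version constraint.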

🔧 Temporary Workarounds

Disable ZIP scanning (platform: all)

Temporarily disable ZIP archive scanning in picklescan until patched.

Modify configuration to skip ZIP files or use alternative scanning methods.

Pre-scan validation (platform: linux)

Use external tools to validate ZIP integrity before picklescan processing.

Use zip -T or similar commands to check CRC before scanning.
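
A pre-scan integrity gate for the workaround above, as an added example (not picklescan's code and not taken from the advisory). It uses Python's standard zipfile module to read every member to the end so that the CRC-32 is actually compared; the function names and the sample archives are constructed for illustration.

```python
import os
import sys
import zipfile
import zlib


def zip_integrity_problems(path):
    """Return reasons to reject the archive; an empty list means every member's CRC-32 matched."""
    if not zipfile.is_zipfile(path):
        return ["not a readable ZIP archive"]
    problems = []
    try:
        with zipfile.ZipFile(path) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # encrypted: contents cannot be verified
                    problems.append(f"{info.filename}: encrypted member")
                    continue
                try:
                    with zf.open(info) as member:
                        # zipfile compares the CRC-32 only at end of stream, so read it all.
                        while member.read(1 << 20):
                            pass
                except (zipfile.BadZipFile, zlib.error, EOFError, NotImplementedError) as exc:
                    problems.append(f"{info.filename}: {exc}")
    except zipfile.BadZipFile as exc:
        problems.append(f"archive structure: {exc}")
    return problems


def build_constructed_samples(directory):
    """Constructed test data: an intact archive and a copy with one flipped data byte."""
    good = os.path.join(directory, "good.zip")
    bad = os.path.join(directory, "bad_crc.zip")
    payload = b"constructed sample member, not a pickle\n"
    with zipfile.ZipFile(good, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("data.txt", payload)
    with open(good, "rb") as fh:
        raw = bytearray(fh.read())
    raw[raw.find(payload)] ^= 0xFF  # stored CRC-32 no longer matches the data
    with open(bad, "wb") as fh:
        fh.write(raw)
    return good, bad


if __name__ == "__main__":
    found = zip_integrity_problems(sys.argv[1])
    for reason in found:
        print("REJECT", reason, file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run it with the archive path as the only argument. Treat a non-zero exit as a rejection of the whole archive rather than a reason to skip scanning, so a failed integrity check never lets the file through unscanned.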

🧯 If You Can't Patch

  • Implement network segmentation to isolate systems running picklescan
  • Deploy application allowlisting to prevent execution of unauthorized pickle files

🔍 How to Verify

Check if Vulnerable:

Check picklescan version: pip show picklescan | grep Version

Check Version:

pip show picklescan | grep Version

Verify Fix Applied:

Confirm version is v0.0.30 or later and test with known malicious ZIP containing bad CRC

📡 Detection & Monitoring

Log Indicators:

  • Failed ZIP scans with CRC errors
  • Picklescan process crashes during archive scanning

Network Indicators:

  • Unusual outbound connections from systems after processing ZIP files
  • Downloads of ZIP archives followed by pickle file execution

SIEM Query:

process.name:"picklescan" AND (event.action:"scan_failed" OR log.message:"CRC error")
