CVE-2025-46417 – This vulnerability in Picklescan versions befor... (How to Fix)

📋 TL;DR

This vulnerability in Picklescan versions before 0.0.25 allows data exfiltration via DNS requests after deserialization due to missing 'ssl' in unsafe globals. Attackers can exploit this to leak sensitive information from systems using vulnerable Picklescan. Affected are applications that deserialize untrusted data with Picklescan before version 0.0.25.

💻 Affected Systems

Products:

Picklescan

Versions: All versions before 0.0.25

Operating Systems: All platforms running Python

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists when deserializing untrusted data using Picklescan's unsafe globals detection.

📦 What is this software?

Picklescan by Mmaitre314

View all CVEs affecting Picklescan →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sensitive data exfiltration including credentials, API keys, or internal system information via DNS requests to attacker-controlled domains.

🟠

Likely Case

Information disclosure through DNS queries containing serialized data fragments, potentially revealing application internals or configuration details.

🟢

If Mitigated

Limited impact with proper network segmentation and DNS filtering preventing external communication.

🌐 Internet-Facing: MEDIUM - Exploitation requires deserialization of attacker-controlled data, but internet-facing applications processing such data are at risk.

🏢 Internal Only: LOW - Requires attacker to already have access to internal systems or ability to inject malicious serialized data.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires ability to inject malicious serialized data that triggers ssl.get_server_certificate calls with attacker-controlled parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.0.25

Vendor Advisory: https://github.com/advisories/GHSA-93mv-x874-956g

Restart Required: No

Instructions:

1. Update Picklescan to version 0.0.25 or later using pip: pip install --upgrade picklescan>=0.0.25
2. Verify the update with: pip show picklescan
3. Test that deserialization functions work correctly with the updated version.

🔧 Temporary Workarounds

Restrict DNS Outbound Traffic

linux

Block outbound DNS requests from applications using Picklescan to prevent data exfiltration.

iptables -A OUTPUT -p udp --dport 53 -j DROP
iptables -A OUTPUT -p tcp --dport 53 -j DROP

Input Validation

all

Implement strict validation of all serialized data inputs before processing with Picklescan.

🧯 If You Can't Patch

Implement network monitoring for unusual DNS queries from applications using Picklescan
Isolate systems using vulnerable Picklescan versions from external network access

🔍 How to Verify

Check if Vulnerable:

Check Picklescan version with: python -c "import picklescan; print(picklescan.__version__)" and verify it's below 0.0.25

Check Version:

python -c "import picklescan; print(picklescan.__version__)"

Verify Fix Applied:

Confirm version is 0.0.25 or higher with: python -c "import picklescan; print(picklescan.__version__)"

📡 Detection & Monitoring

Log Indicators:

Unexpected DNS resolution failures
Unusual ssl.get_server_certificate calls in application logs

Network Indicators:

DNS queries containing encoded or unusual data patterns
Outbound DNS requests to suspicious domains

SIEM Query:

source="dns" AND query=* AND (query CONTAINS "pickle" OR query CONTAINS "serialized" OR query LENGTH > 100)

📊 Metadata

CVE ID: CVE-2025-46417

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-184

EPSS Score: 0.12% exploit probability (31.6th percentile)

Published: April 24, 2025

Last Updated: October 1, 2025

🔗 References

https://github.com/advisories/GHSA-93mv-x874-956g Exploit,Third Party Advisory
https://github.com/mmaitre314/picklescan/pull/40 Issue Tracking,Patch
https://github.com/advisories/GHSA-93mv-x874-956g Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-46417, you might also want to check these: