CVE-2025-5175

Sažetak

A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. This affects the function Save of the file pypickle/pypickle.py. The manipulation leads to improper authorization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is named 14b4cae704a0bb4eb6723e238f25382d847a1917. It is recommended to upgrade the affected component.

Reference

https://github.com/erdogant/pypickle/commit/14b4cae704a0bb4eb6723e238f25382d847a1917
https://github.com/erdogant/pypickle/issues/3
https://github.com/erdogant/pypickle/issues/3#issue-3070689116
https://github.com/erdogant/pypickle/issues/3#issuecomment-2888589652
https://github.com/erdogant/pypickle/releases/tag/2.0.0
https://vuldb.com/?ctiid.310263
https://vuldb.com/?id.310263
https://vuldb.com/?submit.579824
https://github.com/erdogant/pypickle/issues/3

CVSS

Base:	4.3
Impact:	6.4
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

03-06-2025 - 15:43

Objavljeno

26-05-2025 - 08:15