Improper Handling of Exceptional Conditions in Picklescan by Mmaitre314
CVE-2025-10156

9.3CRITICAL

Key Information:

Vendor: Mmaitre314
Status: Picklescan
Vendor: CVE Published:; 17 September 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-10156?

A vulnerability exists in the ZIP archive scanning component of Picklescan by Mmaitre314, allowing remote attackers to bypass security scans. By crafting a specially designed ZIP archive with a flawed Cyclic Redundancy Check (CRC), attackers can cause the scanner to stop functioning correctly. This failure prevents the effective analysis of potentially harmful pickle files. Consequently, when a file that is mistakenly deemed safe is executed, it can initiate the execution of malicious code, compromising system integrity.

Affected Version(s)

picklescan 0 <= 0.0.30

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-10156 - Proof of Concept

References

https://huggingface.co/jinaai/jina-embeddings-v2-base-en/...

exploit

https://huggingface.co/jinaai/jina-embeddings-v2-base-en/...

exploit

https://github.com/mmaitre314/picklescan/blob/v0.0.29/src...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 17, 2025
👾
Exploit known to exist
Sep 17, 2025
Vulnerability published
Sep 17, 2025
Vulnerability Reserved
Sep 9, 2025

Credit

JFrog

@xdcrev