Security Flaw in Picklescan Affects Data Integrity
CVE-2025-46417

6.8 MEDIUM

Key Information:

Vendor: Picklescan
CVE Published: 24 April 2025

What is CVE-2025-46417?

In versions prior to 0.0.25, Picklescan's set of unsafe globals does not cover the ssl module. Because ssl.get_server_certificate is therefore not flagged, a pickle that passes the scan can still exfiltrate data via DNS queries after it is deserialized, which may facilitate unauthorized data access. Users of earlier versions are advised to take immediate action to secure their systems.
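The check described above, as an added example that is not Picklescan's own code: it lists the globals a pickle imports by walking its opcodes, without ever loading it, and flags ssl.get_server_certificate. The names DENYLIST, referenced_globals and flagged are hypothetical, and the sample byte strings are constructed; they only reference the function and never call it.

```python
import pickletools

# Assumption: a one-entry denylist for illustration; a real scanner's list is far larger.
DENYLIST = {("ssl", "get_server_certificate")}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "SHORT_BINSTRING", "BINSTRING", "STRING"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}

def referenced_globals(data: bytes) -> set:
    """Return the (module, name) pairs a pickle imports, without unpickling it."""
    found, memo, recent = set(), {}, []
    prev = None  # string pushed by the previous opcode, if any
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name == "MEMOIZE":            # stores the stack top at the next memo index
            memo[len(memo)] = prev
            continue
        if name in PUT_OPS:
            memo[arg] = prev
            continue
        prev = None
        if name in STRING_OPS:
            prev = arg
        elif name in GET_OPS:            # a memoized string pushed back on the stack
            prev = memo.get(arg)
        elif name in ("GLOBAL", "INST"):  # protocols 0-3: "module name" in one argument
            found.add(tuple(arg.split(" ", 1)))
        elif name == "STACK_GLOBAL":     # protocol 4+: module and name come off the stack
            # Approximation: use the last two string values seen; (None, None) = unresolved.
            found.add(tuple(recent[-2:]) if len(recent) >= 2 else (None, None))
        if prev is not None:
            recent.append(prev)
    return found

def flagged(data: bytes) -> set:
    """Globals that are denylisted, plus any that could not be resolved."""
    return {g for g in referenced_globals(data) if g in DENYLIST or None in g}

# Constructed samples: each only pushes a reference to the function, then STOP.
SAMPLE_P0 = b"cssl\nget_server_certificate\n."
SAMPLE_P4 = b"\x80\x04\x8c\x03ssl\x94\x8c\x16get_server_certificate\x94\x93\x94."

if __name__ == "__main__":
    for label, blob in (("protocol 0", SAMPLE_P0), ("protocol 4", SAMPLE_P4)):
        print(label, "->", flagged(blob))
```
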

Affected Version(s)

Picklescan 0 < 0.0.25

CVSS V4

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published
