What is CVE-2025-1944?

CVE-2025-1944 is a vulnerability in Mmaitre314 Picklescan, classified under Insufficient Verification of Data Authenticity. Published 2025-03-10.

Is CVE-2025-1944 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mmaitre314 Picklescan

CVE-2025-1944

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename…

EPSS: 0.001 (34.4th percentile) — read the EPSS interpretation.

Affected products

Mmaitre314 Picklescan — versions 0.0.1

Weakness classification (CWE)

CWE-345 — Insufficient Verification of Data Authenticity

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

www.sonatype.com/security-advisories/cve-2025-1944 (third-party-advisory)
github.com/mmaitre314/picklescan/security/advisories/GHSA-7q5r-7gvp-wc82 (vendor-advisory)
github.com/mmaitre314/picklescan/commit/e58e45e0d9e091159c1554f9b04828bbb40b9781 (patch)

Frequently asked questions

What is CVE-2025-1944?: CVE-2025-1944 is a vulnerability in Mmaitre314 Picklescan, classified under Insufficient Verification of Data Authenticity. Published 2025-03-10.
Is CVE-2025-1944 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.