CVE-2025-10155: 
Python vulnerability analysis and mitigation

An Improper Input Validation vulnerability (CVE-2025-10155) was discovered in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30. The vulnerability was disclosed on September 17, 2025. The vulnerability affects the picklescan package, a security tool designed to scan pickle files for potential threats (NVD).

The vulnerability stems from improper input validation in the scan_bytes function within picklescan/scanner.py. When a standard pickle file is given a PyTorch-related file extension (e.g., .bin), the scanner prioritizes PyTorch file extension checks and errors out instead of falling back to standard pickle analysis. The vulnerability has been assigned a CVSS v4.0 Base Score of 9.3 (Critical) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. The vulnerability is classified as CWE-20 (Improper Input Validation) (NVD, GitHub Advisory).

The vulnerability allows attackers to bypass security checks by disguising malicious pickle payloads within files using common PyTorch extensions. This significantly weakens the security provided by PickleScan and opens the door to various supply chain attacks. Organizations and individuals relying on PickleScan to ensure the safety of PyTorch models or other files containing embedded pickle objects are affected. When exploited, malicious code can execute when the file is loaded by a vulnerable application or user (GitHub Advisory).

The vulnerability has been patched in version 0.0.31. The fix modifies the scanning logic to ensure that standard pickle scanning is attempted as a fallback mechanism when PyTorch scanning fails or is not applicable. The patch includes changes to the scan_bytes function to continue with other scan methods instead of returning an error when PyTorch scanning fails (GitHub Advisory).