CVE-2025-10156: 
Python vulnerability analysis and mitigation

CVE-2025-10156 is a security vulnerability discovered in the ZIP archive scanning component of mmaitre314 picklescan. The vulnerability was disclosed on September 8, 2025, and affects versions 0.0.30 and earlier of the picklescan package. The issue allows remote attackers to bypass security scans through crafted ZIP archives containing files with bad Cyclic Redundancy Check (CRC) values (GitHub Advisory).

The vulnerability stems from an improper handling of exceptional conditions (CWE-693) in picklescan's ZIP archive processing. When encountering a file with a mismatched CRC within a ZIP archive, picklescan fails with an error instead of continuing to scan other potentially valid files. The vulnerability has been assigned a CVSS v4.0 base score of 9.3 CRITICAL with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (NVD).

The vulnerability allows attackers to hide malicious pickle payloads within ZIP archives that PyTorch might still be able to load, as PyTorch often disables CRC checks. This creates a significant security blind spot where malicious code can be distributed and potentially executed without detection by picklescan. A real-world example of this vulnerability has been demonstrated with the HuggingFace model repository (GitHub Advisory).

The vulnerability has been patched in version 0.0.31 of picklescan. The fix involves implementing a relaxed ZIP file handling mechanism that continues scanning even when encountering CRC errors. Organizations are strongly advised to upgrade to this version. For those unable to upgrade immediately, there is no effective workaround other than implementing additional security controls at other layers (GitHub Advisory).