CVE-2025-1716
PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions
9.8
CRITICAL
CVSS 3.1
EPSS 16.2%
Description
picklescan before 0.0.22 only treats files with standard pickle extensions as in scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because such a file falls outside picklescan's scope, it would pass the scan and appear to be safe even though it could carry a malicious pickle payload.
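As an added illustration (not picklescan's own code), the following Python script contrasts the two ways of scoping a scan that the description turns on: by member file extension, or by inspecting each member's leading bytes. It builds a PyTorch-style zip archive in memory containing the conventional data.pkl member plus a second pickle stored under an unrelated .dat name. The extension list, archive layout and member names are assumptions for illustration; the content check relies on the PROTO header byte (0x80) that pickle protocol 2 and later emit, so it does not cover protocol 0/1 streams.

```python
import io
import pickle
import zipfile

# Assumed set of extensions an extension-scoped scanner would treat as pickle
# (illustrative; not picklescan's actual list).
PICKLE_EXTENSIONS = {".pkl", ".pickle", ".pt", ".pth", ".bin"}


def looks_like_pickle(data: bytes) -> bool:
    """Content-based check: pickle protocol 2 and above start with the
    PROTO opcode (0x80) followed by the protocol number. Protocol 0/1
    streams have no such header and are not detected by this check."""
    return len(data) >= 2 and data[0] == 0x80 and 2 <= data[1] <= pickle.HIGHEST_PROTOCOL


def _has_pickle_extension(name: str) -> bool:
    dot = name.rfind(".")
    return dot != -1 and name[dot:].lower() in PICKLE_EXTENSIONS


def members_by_extension(zip_bytes: bytes) -> list:
    """Scope the scan the way the vulnerable behaviour does: only members
    whose extension is in the known list are handed to the pickle scanner."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if _has_pickle_extension(n)]


def members_by_content(zip_bytes: bytes) -> list:
    """Scope the scan by inspecting each member's leading bytes instead of
    trusting its name, so a pickle under any extension is still scanned."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        found = []
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(2)
            if looks_like_pickle(head):
                found.append(info.filename)
        return found


def build_sample_model() -> bytes:
    """Constructed sample: a PyTorch-style zip archive with the usual
    data.pkl member plus a second pickle stored under a .dat extension.
    Both pickles hold harmless dicts; only the naming is the point."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/version", "3\n")
        zf.writestr("model/data.pkl", pickle.dumps({"weights": "tensor-ref"}, protocol=2))
        zf.writestr("model/data/0", b"\x00" * 16)  # raw tensor storage, not a pickle
        zf.writestr("model/extra.dat", pickle.dumps({"note": "second pickle"}, protocol=4))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_model()
    print("extension-scoped:", members_by_extension(sample))  # misses extra.dat
    print("content-scoped:  ", members_by_content(sample))    # finds both pickles
```

Run stand-alone, the extension-scoped pass reports only model/data.pkl, while the content-scoped pass also surfaces model/extra.dat. A real scanner would go on to walk the opcodes of every member the content check flags; the point here is only that the set of members it inspects must not depend on the file name an archive author chose.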
How to fix CVE-2025-1716
To remediate CVE-2025-1716, upgrade the affected package to a fixed version below.
- upgrade to 0.0.22 or later
- upgrade to 0.0.22 or later
- upgrade to 78ce704227c51f070c0c5fb4b466d92c62a7aa3d or later
- upgrade to 0.0.22 or later
Is CVE-2025-1716 being exploited?
Moderate — EPSS is 16.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 0.0.22
- from 0, < 0.0.22
- from 0, < 78ce704227c51f070c0c5fb4b466d92c62a7aa3d | from 0, < 0.0.21
- from 0, < 0.0.22
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |