CVE-2025-10156

CRITICAL
Published Sep 17, 2025 Modified Oct 2, 2025 CWE-755

Description

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file incorrectly considered safe is loaded, it can lead to the execution of malicious code.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-755 CWE-755

Affected Products

Vendor Product
mmaitre314 picklescan

References

Frequently Asked Questions

What is CVE-2025-10156? +
An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file incorrectly considered safe is loaded, it can lead to the execution of malicious code. It has a CVSS v3.1 base score of 9.8 (CRITICAL).
How severe is CVE-2025-10156? +
CVE-2025-10156 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2025-10156? +
CVE-2025-10156 affects products from mmaitre314, specifically: picklescan. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-10156? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-51502

loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability …
CVE-2025-24478

A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests …
CVE-2024-47609

Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS …
CVE-2025-9437

A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller, …
CVE-2024-41886

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. …
CVE-2025-34193 9.8

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include Windows client …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-10156 — free, no signup required.

Start Free Scan