### Key Information Summary

#### Vulnerability ID
CVE-2025-1716

#### Vulnerability Description
- **Issue**: Versions of `picklescan` prior to 0.0.21 contain an insecure deserialization vulnerability. A crafted pickle can bypass static analysis tools such as `picklescan` and execute arbitrary code during the deserialization process.
- **Impact**:
  - The vulnerability can lead to Remote Code Execution (RCE) and supply chain attacks. Specifically, attackers can create malicious Python packages containing harmful `setup.py` or `entry_point` files and upload them to GitHub or PyPI. When these packages are deserialized, the malicious code executes automatically.
  - The `picklescan` tool may fail to detect `pip.main()` calls, so security tools are unable to identify this threat.

#### Vulnerability Severity
- **Rating**: Medium
- **CVSS Score**: 5.3
- **CVSS Vector**: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
- **CWE ID**: CWE-184

#### Exploitation Method
- Malicious Python packages combined with a Pickle deserialization attack

#### Mitigation
- Add `'pip': '*'` to the `unsafe_globals` list.
- Use `picklescan` version 0.0.21 or later, which resolves the issue by adding `pip` to its restricted globals list.

#### References
- **Vulnerability Disclosure History**:
  - CVE-2025-1358
  - CVE-2025-12183
  - CVE-2025-1945
  - CVE-2025-1944
  - CVE-2025-1889

#### Acknowledgments
- Trevor Madge (@madgetr) of Sonatype
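The mitigation above is a denylist change, so the practical question for a defender is what a denylist-driven pickle scanner actually sees and why one missing entry lets a payload through. The following is an added, self-contained illustration written for this summary; it is not picklescan's code. It parses only the opcode stream with `pickletools.genops` (nothing is ever unpickled), collects every `GLOBAL` / `STACK_GLOBAL` reference, and checks it against a mapping in the same `module -> '*' or set of names` shape as the `unsafe_globals` list the advisory mentions. The two denylists and the sample pickles are constructed for the demo: the "old" list lacks `pip`, the "fixed" list adds `'pip': '*'`, and the sample pickles merely name `pip.main` without calling it.

```python
import pickle
import pickletools

# Constructed, illustrative denylist in the shape of picklescan's `unsafe_globals`
# mapping (module -> '*' or a set of attribute names). Not picklescan's real list.
UNSAFE_GLOBALS_OLD = {
    "os": "*",
    "subprocess": "*",
    "builtins": {"eval", "exec", "__import__"},
}

# The same list with the fix described in the advisory applied: `'pip': '*'` added.
UNSAFE_GLOBALS_FIXED = dict(UNSAFE_GLOBALS_OLD, pip="*")

# Opcodes that push a text operand; STACK_GLOBAL consumes the two most recent ones.
_STRING_OPCODES = {
    "SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
    "STRING", "BINSTRING", "SHORT_BINSTRING",
}


def referenced_globals(data: bytes) -> list:
    """Return (module, name) pairs referenced by GLOBAL / STACK_GLOBAL opcodes.

    Only the opcode stream is parsed; pickle.loads is never called, so scanning
    an untrusted pickle cannot import or execute anything.
    """
    refs = []
    recent_strings = []  # operands pushed by string opcodes, newest last
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            # Protocol 0-3: operand is "module name" as one space-joined string.
            module, name = arg.split(" ", 1)
            refs.append((module, name))
        elif op.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two most recent string pushes.
            if len(recent_strings) >= 2:
                refs.append((recent_strings[-2], recent_strings[-1]))
        elif op.name in _STRING_OPCODES:
            recent_strings.append(arg)
    return refs


def scan(data: bytes, unsafe_globals: dict) -> list:
    """Return the (module, name) references that hit the denylist, in stream order."""
    hits = []
    for module, name in referenced_globals(data):
        entry = unsafe_globals.get(module)
        if entry == "*" or (entry is not None and name in entry):
            hits.append((module, name))
    return hits


# Constructed samples. The pip ones only *reference* pip.main (GLOBAL / STACK_GLOBAL
# followed by STOP); they contain no REDUCE, so nothing is called even if loaded.
SAMPLE_PIP_REF_P2 = b"\x80\x02cpip\nmain\n."                        # protocol 2, GLOBAL
SAMPLE_PIP_REF_P4 = b"\x80\x04\x8c\x03pip\x8c\x04main\x93."         # protocol 4, STACK_GLOBAL
SAMPLE_OS_REF = b"\x80\x02cos\nsystem\n."                           # reference in the old list
SAMPLE_BENIGN = pickle.dumps((1, 2, 3), protocol=2)                 # no globals at all


def demo() -> dict:
    """Show the same pickle passing the old list and being caught by the fixed one."""
    return {
        "pip_ref_old_list": scan(SAMPLE_PIP_REF_P2, UNSAFE_GLOBALS_OLD),     # [] -> missed
        "pip_ref_fixed_list": scan(SAMPLE_PIP_REF_P2, UNSAFE_GLOBALS_FIXED), # [('pip', 'main')]
        "pip_ref_p4_fixed_list": scan(SAMPLE_PIP_REF_P4, UNSAFE_GLOBALS_FIXED),
        "os_ref_old_list": scan(SAMPLE_OS_REF, UNSAFE_GLOBALS_OLD),
        "benign_fixed_list": scan(SAMPLE_BENIGN, UNSAFE_GLOBALS_FIXED),
    }


if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label}: {hits or 'clean'}")
```

The point the CWE-184 classification makes is visible in `demo()`: the scanner's logic is sound, but a denylist is only as complete as its entries, so the very same bytes are "clean" under `UNSAFE_GLOBALS_OLD` and flagged under `UNSAFE_GLOBALS_FIXED`. Both `GLOBAL` and `STACK_GLOBAL` encodings are handled, since a scanner that only matched one opcode family would be bypassed by re-pickling at a different protocol version.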