CVE-2025-10155: CWE-20 Improper Input Validation in mmaitre314 picklescan
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle file security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file that was incorrectly considered safe is loaded, it can lead to the execution of malicious code.
AI Analysis
Technical Summary
CVE-2025-10155 is a critical vulnerability in the mmaitre314 picklescan tool, affecting versions up to and including 0.0.30. Picklescan statically inspects Python pickle files, including the pickles embedded in PyTorch checkpoints, for dangerous imports and calls so that a malicious payload can be rejected before anything is deserialized. The flaw is improper input validation (CWE-20) in the scanning logic: picklescan chooses its scanning path from the file extension, and a standard pickle file that merely carries a PyTorch-related extension is not inspected as a pickle, so its payload goes unexamined and the file is reported as safe. An attacker therefore needs only to rename a malicious pickle to a PyTorch-style name and publish it wherever the target fetches models. Because pickle deserialization can call arbitrary Python callables, loading the file afterwards runs the attacker's code with the privileges of the loading process. The CVSS 4.0 base score of 9.3 (critical) reflects the high impact on confidentiality, integrity and availability and the absence of privilege or authentication requirements; the score describes the scanner's failure, and the payload executes only when some downstream consumer loads the approved file. No exploitation in the wild had been reported at the time of this entry, but any pipeline that uses picklescan as the gate for third-party models, PyTorch checkpoints in particular, is exposed, and no patched release was listed when this entry was written, which raises the urgency of the mitigations below.
Potential Impact
For European organizations, the impact of CVE-2025-10155 can be severe, particularly those involved in AI, machine learning, data science, and research sectors where PyTorch and Python pickle files are commonly used. Successful exploitation could lead to unauthorized remote code execution, enabling attackers to compromise sensitive data, disrupt operations, or establish persistent footholds within corporate networks. This could affect confidentiality by exposing proprietary models or datasets, integrity by altering or injecting malicious code, and availability by causing system outages or ransomware deployment. Given the critical severity and network exploitability, organizations face risks of supply chain attacks, espionage, or sabotage. Additionally, regulatory frameworks such as GDPR impose strict data protection requirements, and breaches resulting from this vulnerability could lead to significant legal and financial penalties.
Mitigation Recommendations
1. Stop relying on picklescan versions up to and including 0.0.30 as the gate for untrusted files; upgrade to a release newer than 0.0.30 as soon as one is available and, until then, treat every "clean" result from an affected version as unreliable.
2. Never let a file extension decide whether or how a file is scanned. Identify the container from its bytes (ZIP-based PyTorch archive versus bare pickle stream), scan every pickle found whatever the file is named, and fail closed when the content cannot be identified.
3. Deserialize only inside a sandbox or isolated environment (separate container or VM, no outbound network, minimal credentials) so that a payload that slips past the scanner is contained, and prefer restricted loaders where they exist (for PyTorch, torch.load(..., weights_only=True) refuses arbitrary globals).
4. Monitor model ingestion for anomalies: files whose extension does not match their content, unexpected child processes or network connections from the process that loads models, and scanner errors or crashes.
5. Educate developers and data scientists about the risks of deserializing untrusted pickle files and move to formats that carry no code where feasible (safetensors for model weights; JSON or protobuf for other data).
6. Segment the network so that hosts which ingest third-party models cannot reach sensitive systems directly.
7. Keep an incident response playbook for RCE via deserialization, covering model provenance checks, credential rotation for the loading host and re-scanning of every artifact fetched through the same channel.
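As an added example, not code from picklescan or its maintainers, the following Python script illustrates the flaw described in the technical summary and the content-based check called for in recommendation 2. It decides how to treat a file from its bytes (ZIP-based PyTorch archive, bare pickle stream, or unknown), walks the pickle opcode stream with the standard library's pickletools so nothing is ever deserialized, and lists every module/name the pickle would import together with the opcodes that would call them. The sample files (a hand-assembled malicious pickle, a benign pickle, a zip stand-in for the PyTorch layout) and the small import allowlist are constructed for the example and are not real model data.

```python
"""Content-based pre-scan for pickle-style model files (added example, not
picklescan's code). Dispatch is decided by the bytes, never by the extension,
and the opcode stream is walked with pickletools so nothing is deserialized.
Sample files and the import allowlist are constructed for this example."""
import io
import pickle
import pickletools
import zipfile

# Opcodes that push a str; STACK_GLOBAL takes the two most recent as (module, name).
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}
# Opcodes that call something imported via GLOBAL / STACK_GLOBAL.
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}
# Assumed allowlist for a plain tensor checkpoint; derive yours from trusted models.
SAFE_IMPORTS = {("collections", "OrderedDict"),
                ("torch._utils", "_rebuild_tensor_v2"), ("torch", "FloatStorage")}


def walk_pickle(data: bytes) -> dict:
    """List imports and call opcodes in one pickle stream without loading it.
    Raises ValueError for malformed input; treat that as unscannable, not safe."""
    imports, calls, recent_strings = [], 0, []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            recent_strings.append(arg)
        elif opcode.name == "GLOBAL":          # protocol <= 3: arg is "module name"
            module, name = arg.split(" ", 1)
            imports.append((module, name))
        elif opcode.name == "STACK_GLOBAL":    # protocol >= 4: operands on the stack
            if len(recent_strings) < 2:
                raise ValueError("STACK_GLOBAL without module/name strings")
            imports.append((recent_strings[-2], recent_strings[-1]))
        elif opcode.name in CALL_OPS:
            calls += 1
    return {"imports": imports, "calls": calls}


def classify_blob(data: bytes) -> str:
    """Identify a blob from its content alone: 'zip', 'pickle' or 'unknown'."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        return "zip"
    try:
        walk_pickle(data)
        return "pickle"
    except ValueError:
        return "unknown"


def scan_model_file(filename: str, data: bytes) -> dict:
    """Scan a model file; the filename is reported but never trusted."""
    container = classify_blob(data)
    imports, calls = [], 0
    if container == "pickle":
        found = walk_pickle(data)
        imports, calls = found["imports"], found["calls"]
    elif container == "zip":
        # New-style PyTorch checkpoints are zips holding archive/data.pkl;
        # scan every member that is itself a pickle, whatever it is named.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                blob = zf.read(member)
                if classify_blob(blob) == "pickle":
                    found = walk_pickle(blob)
                    imports += found["imports"]
                    calls += found["calls"]
    unsafe = [imp for imp in imports if imp not in SAFE_IMPORTS]
    if container == "unknown":
        verdict = "unscannable"            # fail closed
    else:
        verdict = "suspicious" if unsafe else "clean"
    return {"filename": filename, "container": container, "imports": imports,
            "calls": calls, "unsafe_imports": unsafe, "verdict": verdict}


# Constructed sample: hand-assembled protocol-2 pickle, equivalent to what an
# object whose __reduce__ returns (os.system, ("echo pwned",)) serializes to.
# It is only parsed here, never loaded.
MALICIOUS_PICKLE = (b"\x80\x02"            # PROTO 2
                    b"cos\nsystem\n"       # GLOBAL  os system
                    b"Vecho pwned\n\x85"   # UNICODE "echo pwned", TUPLE1
                    b"R.")                 # REDUCE (calls os.system), STOP
# Constructed sample: a harmless pickle with no imports at all.
BENIGN_PICKLE = pickle.dumps({"weights": [0.1, 0.2, 0.3]}, protocol=4)


def make_zip_model(inner_pickle: bytes) -> bytes:
    """Constructed stand-in for the PyTorch zip layout (archive/data.pkl)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", inner_pickle)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("model.pt", MALICIOUS_PICKLE),   # the CVE-2025-10155 shape
                       ("model.bin", BENIGN_PICKLE),
                       ("model.pth", make_zip_model(MALICIOUS_PICKLE)),
                       ("notes.txt", b"not a pickle at all")]:
        r = scan_model_file(name, blob)
        print(f"{name:10s} {r['container']:8s} {r['verdict']:12s} imports={r['imports']}")
```

Running the script labels model.pt, a plain pickle wearing a PyTorch extension, as suspicious because the dispatch never looked at the name; the same pickle wrapped as archive/data.pkl inside a zip is flagged the same way, and bytes that are neither a zip nor a pickle come back as unscannable rather than clean. A walker like this is a pre-filter, not a replacement for a maintained scanner: it reports which callables a pickle imports and calls but does not judge them, so the allowlist has to be curated from models you already trust.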
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: JFROG
- Date Reserved: 2025-09-09T11:07:33.136Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68ca83a8e0086ebab8fe744a
Added to database: 9/17/2025, 9:47:20 AM
Last enriched: 9/17/2025, 9:47:38 AM
Last updated: 9/17/2025, 10:54:49 AM