CVE-2025-5175: Improper Authorization in erdogant pypickle
A vulnerability was found in erdogant pypickle up to 1.1.5. VulDB classifies it as critical, although the CVSS v4.0 base score reported for it is 4.8 (medium). It affects the function Save in the file pypickle/pypickle.py; the manipulation leads to improper authorization. Local access is required. An exploit has been publicly disclosed and may be used. Upgrading to version 2.0.0 addresses the issue; the patch is commit 14b4cae704a0bb4eb6723e238f25382d847a1917. Upgrading the affected component is recommended.
AI Analysis
Technical Summary
CVE-2025-5175 affects the erdogant pypickle library, a small Python library for writing and reading pickle files, in versions up to 1.1.5. The flaw is in the Save function in pypickle/pypickle.py and is classed as improper authorization: a local user with low privileges can drive Save in a way that bypasses the access checks the caller expects, so data can be written or overwritten without proper authorization. Exploitation requires local access but no user interaction and no privileges beyond those of an ordinary local account. The primary risk is therefore to the integrity of the data pypickle persists, with a secondary confidentiality risk where Save is used to write sensitive objects; availability is not directly affected. The vulnerability has been publicly disclosed, but no in-the-wild exploitation is known at this time. The vendor fixed the issue in version 2.0.0; the patch is commit 14b4cae704a0bb4eb6723e238f25382d847a1917. The CVSS v4.0 base score is 4.8 (medium), reflecting a local attack vector, low attack complexity, low privileges required and no user interaction; the full vector string is not reproduced here.
Potential Impact
For European organizations, the impact depends on where and how pypickle is used in their software stacks. Because pypickle is a Python library rather than a network-facing service, the realistic risk is from local users or insiders on systems where it runs: an attacker who already has an account could tamper with, or obtain, data that an application persists through Save. This matters most where Save writes critical or sensitive data, on multi-user or shared hosts, and where local access controls are weak. The local-only attack vector rules out direct remote exploitation, but the flaw can still serve as a second stage once a foothold has been obtained, for example to corrupt stored models or configuration that another, more privileged process later loads. Given the medium severity, large-scale availability or data-breach impact is unlikely, but the integrity and confidentiality risk in sensitive environments is real.
Mitigation Recommendations
1. Upgrade erdogant pypickle to version 2.0.0 or later, which contains the patch for the improper authorization issue.
2. Enforce strict local access control and privilege management so that only the accounts that need to run code calling Save can reach the affected hosts.
3. Audit all systems for pypickle, record the installed version and how Save is used, and prioritize hosts that handle sensitive data or have multiple local users.
4. Add application-level authorization checks around every Save call (for example, restricting destination paths to an approved directory and refusing to overwrite existing files) so that unauthorized writes are blocked even while the library is unpatched.
5. Enable application logging for Save calls and monitor for unexpected destinations or overwrites; operating-system logs alone will not show library-level calls, so pair them with file-integrity monitoring on the directories pypickle writes to.
6. Make internal users aware that this is a local-exploitation issue and enforce policies against unauthorized local access.
7. If an immediate upgrade is not feasible, isolate affected systems or run processes that use pypickle under dedicated, minimally privileged accounts.
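Two of the recommendations above, the version audit and the application-level authorization layer around Save, can be implemented independently of the library's internals. The following is an added example written for this page; it is not code from the pypickle project and does not reproduce its patch. It assumes a POSIX filesystem and, because the advisory names 2.0.0 as the fixed release, treats every version below 2.0.0 as affected. The `guarded_save` wrapper and its `writer` hook are hypothetical names; the default writer uses the standard-library `pickle` module so the example runs whether or not pypickle is installed.

```python
"""Added example for CVE-2025-5175: audit installed pypickle versions and
wrap the save path in the application's own authorization checks."""
import os
import pickle
import tempfile
from importlib import metadata
from typing import Any, Callable, Dict, Optional, Tuple

FIXED_VERSION = (2, 0, 0)  # first release the advisory names as patched


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.1.5' or '2.0.0rc1' into a comparable tuple of ints.
    Non-numeric suffixes on a component are dropped ('0rc1' -> 0)."""
    parts = []
    for comp in text.strip().split("."):
        digits = ""
        for ch in comp:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:  # pad so '2' compares equal to '2.0.0'
        parts.append(0)
    return tuple(parts)


def is_vulnerable_version(text: str) -> bool:
    """Assumption: everything below 2.0.0 is affected (advisory: 'up to 1.1.5')."""
    return parse_version(text) < FIXED_VERSION


def audit_installed(dist: str = "pypickle") -> Optional[bool]:
    """True if an affected pypickle is installed, False if a fixed one is,
    None if the distribution is not installed in this interpreter."""
    try:
        return is_vulnerable_version(metadata.version(dist))
    except metadata.PackageNotFoundError:
        return None


class SaveDenied(PermissionError):
    """Raised when the application-level authorization check fails."""


def _default_writer(fd: int, obj: Any) -> None:
    # Hypothetical stand-in for the library's save routine: it writes only
    # through the descriptor that guarded_save has already authorized.
    with os.fdopen(fd, "wb") as fh:
        pickle.dump(obj, fh, protocol=pickle.HIGHEST_PROTOCOL)


def guarded_save(path: str, obj: Any, allowed_root: str, overwrite: bool = False,
                 writer: Callable[[int, Any], None] = _default_writer) -> str:
    """Authorize the destination before any bytes are written:
    the resolved path must stay inside allowed_root (blocks '..' and absolute
    paths), the final component must not be a symlink (blocks redirecting the
    write), existing files are replaced only with overwrite=True, and the file
    is created mode 0600 so other local users cannot read it."""
    root = os.path.realpath(allowed_root)
    unresolved = os.path.join(root, path)
    target = os.path.realpath(unresolved)
    if os.path.commonpath([root, target]) != root:
        raise SaveDenied(f"{path!r} escapes allowed root {root!r}")
    if os.path.islink(unresolved):
        raise SaveDenied(f"{path!r} is a symlink; refusing to follow it")
    flags = os.O_WRONLY | os.O_CREAT | getattr(os, "O_NOFOLLOW", 0)
    flags |= os.O_TRUNC if overwrite else os.O_EXCL  # O_EXCL: never clobber silently
    try:
        fd = os.open(target, flags, 0o600)
    except FileExistsError:
        raise SaveDenied(f"{target!r} exists and overwrite=False") from None
    writer(fd, obj)
    return target


def demo() -> Dict[str, Any]:
    """Exercise the wrapper in a throwaway directory with constructed input."""
    results: Dict[str, Any] = {}
    with tempfile.TemporaryDirectory(prefix="pypickle-guard-") as root:
        path = guarded_save("model.pkl", {"epoch": 1}, root)
        results["mode"] = os.stat(path).st_mode & 0o777
        with open(path, "rb") as fh:
            results["roundtrip"] = pickle.load(fh)
        denied = []
        # existing file without overwrite, traversal, absolute path outside root
        for name in ("model.pkl", "../escape.pkl", "/outside.pkl"):
            try:
                guarded_save(name, {}, root)
            except SaveDenied:
                denied.append(name)
        results["denied"] = denied
        os.symlink(path, os.path.join(root, "link.pkl"))
        try:
            guarded_save("link.pkl", {}, root, overwrite=True)
        except SaveDenied:
            results["symlink_blocked"] = True
        results["overwrite_ok"] = guarded_save(
            "model.pkl", {"epoch": 2}, root, overwrite=True) == path
    return results


if __name__ == "__main__":
    print("installed pypickle affected:", audit_installed())
    print(demo())
```

In a real deployment the `writer` hook would be the call into the library, so the path is validated and the descriptor created with `O_EXCL`/`O_NOFOLLOW` before the library sees it; this keeps the authorization decision in the application even while the underlying Save is unpatched.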
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-05-25T13:47:05.776Z
- CISA Enriched: false
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68341da10acd01a249284520
Added to database: 5/26/2025, 7:52:01 AM
Last enriched: 6/9/2025, 1:07:15 PM
Last updated: 6/13/2025, 6:41:58 PM
Views: 4
Related Threats
- CVE-2025-49587: CWE-357: Insufficient UI Warning of Dangerous Operations in xwiki xwiki-platform (Medium)
- CVE-2025-49586: CWE-863: Incorrect Authorization in xwiki xwiki-platform (High)
- CVE-2025-49585: CWE-357: Insufficient UI Warning of Dangerous Operations in xwiki xwiki-platform (High)
- CVE-2025-49584: CWE-201: Insertion of Sensitive Information Into Sent Data in xwiki xwiki-platform (High)
- CVE-2025-49583: CWE-270: Privilege Context Switching Error in xwiki xwiki-platform (Medium)