What is the CVSS score of CVE-2025-1944?

CVE-2025-1944 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L. EPSS exploitation probability: 0.1%.

Which versions of AI / ML are affected by CVE-2025-1944?

Organizations using picklescan before 0.0.23 should be aware of notable risk from CVE-2025-1944 rated CVSS 6.5. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for CVE-2025-1944?

Yes, a public proof-of-concept exploit is available for CVE-2025-1944. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-1944?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

AI / ML CVE-2025-1944

MEDIUM

Insufficient Verification of Data Authenticity (CWE-345)

2025-03-10 103e4ec9-0a87-450b-af77-479448ddef11

GHSA-7q5r-7gvp-wc82

Authentication Bypass Denial Of Service AI / ML Pytorch

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 19:50 vuln.today

PoC Detected

Dec 29, 2025 - 15:16 vuln.today

Public exploit code

Patch released

Dec 29, 2025 - 15:16 nvd

Patch available

CVE Published

Mar 10, 2025 - 12:15 nvd

MEDIUM 6.5

DescriptionNVD

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan raise a BadZipFile error. However, PyTorch's more forgiving ZIP implementation still allows the model to be loaded, enabling malicious payloads to bypass detection.

AnalysisAI

Technical ContextAI

This vulnerability (CWE-345: Insufficient Verification of Data Authenticity) affects picklescan. picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan raise a BadZipFile error. However, PyTorch's more forgiving ZIP implementation still allows the model to be loaded, enabling malicious payloads to bypass detection.

Affected ProductsAI

Product: picklescan. Versions: up to 0.0.23.

RemediationAI

A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.

CVE-2025-1944 vulnerability details – vuln.today

Back

AI / ML CVE-2025-1944

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code