How severe is CVE-2025-1889?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2025-1889?

This is classified as CWE-646, which is a common weakness in software security.

CVE-2025-1889

MEDIUM Year: 2025

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-646

View all →

Vulnerability Description

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because the malicious pickle file inclusion is not considered as part of the scope of picklescan, the file would pass security checks and appear to be safe, when it could instead prove to be problematic.

CVE-2024-38432

CRITICAL

CVSS:9.8(Critical)

Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File

CWE-6462024

CVE-2024-8517

CRITICAL

CVSS:9.8(Critical)

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart f...

CWE-6462024

CVE-2021-34639

HIGH

CVSS:8.8(High)

Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some confi...

CWE-6462021

CVE-2023-45599

HIGH

CVSS:8.8(High)

A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arb...

CWE-6462023