CVE-2025-10155: Picklescan Fail Open Magic Error
When scanning files with PyTorch extensions, catching `InvalidMagicError` and returning an empty `ScanResult` causes a fail-open behavior. If an attacker renames a malicious standard pickle file to `.pt`, the scanner flags no issues, but the application may still parse the malicious payload successfully. The fix is to fall through and try scanning via other
greprules fetch cve-2025-10155-picklescan-fail-open-magic-error --engine opengrepDescription
When scanning files with PyTorch extensions, catching `InvalidMagicError` and returning an empty `ScanResult` causes a fail-open behavior. If an attacker renames a malicious standard pickle file to `.pt`, the scanner flags no issues, but the application may still parse the malicious payload successfully. The fix is to fall through and try scanning via other
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.