CVE-2025-4905

19.05.2025, 02:15

A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDB	CNA	5.3 MEDIUM				CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://github.com/iop-apl-uw/basestation3/issues/6

https://github.com/iop-apl-uw/basestation3/issues/6#event-17672013757

https://github.com/iop-apl-uw/basestation3/issues/6#issue-3066055868

https://vuldb.com/?ctiid.309461

https://vuldb.com/?id.309461

https://vuldb.com/?submit.578074

https://github.com/iop-apl-uw/basestation3/issues/6

https://github.com/iop-apl-uw/basestation3/issues/6#event-17672013757

https://github.com/iop-apl-uw/basestation3/issues/6#issue-3066055868