CVE-2025-4905

19.05.2025, 02:15

A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDB	CNA	5.3 MEDIUM				CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Vendor	Product	Version
washington	basestation	3.0.0 ≤ 𝑥 ≤ 3.0.4

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

References

https://github.com/iop-apl-uw/basestation3/issues/6

https://github.com/iop-apl-uw/basestation3/issues/6#event-17672013757

https://github.com/iop-apl-uw/basestation3/issues/6#issue-3066055868

https://vuldb.com/?ctiid.309461

https://vuldb.com/?id.309461

https://vuldb.com/?submit.578074

https://github.com/iop-apl-uw/basestation3/issues/6

https://github.com/iop-apl-uw/basestation3/issues/6#event-17672013757

https://github.com/iop-apl-uw/basestation3/issues/6#issue-3066055868