logo_clicknbuy.png

CVE-2025-4905 – Apache iop-apl-uw Basestation3 Deserialization Vulnerability

The following table lists the changes that have been made to the
CVE-2025-4905 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    May. 19, 2025

    Action Type Old Value New Value
    Added Description A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far.
    Added CVSS V4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
    Added CVSS V2 (AV:L/AC:L/Au:S/C:P/I:P/A:P)
    Added CWE CWE-20
    Added CWE CWE-502
    Added Reference https://github.com/iop-apl-uw/basestation3/issues/6
    Added Reference https://github.com/iop-apl-uw/basestation3/issues/6#event-17672013757
    Added Reference https://github.com/iop-apl-uw/basestation3/issues/6#issue-3066055868
    Added Reference https://vuldb.com/?ctiid.309461
    Added Reference https://vuldb.com/?id.309461
    Added Reference https://vuldb.com/?submit.578074
Share the Post:

Related Posts