CVE-2025-4905 | iop-apl-uw basestation3 up to 3.0.4 basestation3/QC.py load_qc_pickl qc_file deserialization

A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization.

The identification of this vulnerability is CVE-2025-4905. An attack has to be approached locally. Furthermore, there is an exploit available.

The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far.

CVE-2025-4905 | iop-apl-uw basestation3 up to 3.0.4 basestation3/QC.py load_qc_pickl qc_file deserialization

Post correlati

CVE-2024-56955 | Tencent QQMail 6.6.4 on iOS Link information disclosure

CVE-2024-56508 | Kovah LinkAce up to 1.15.5 File Upload cross site scripting (GHSA-2wvv-4576-8862)

CVE-2024-4627 | Rank Math SEO Plugin up to 1.0.218 on WordPress Setting cross site scripting

CVE-2024-46784 | Linux Kernel up to 6.1.109/6.6.50/6.10.9 mana napi_disable denial of service