CVE-2025-4905

low-risk

Published 2025-05-19

A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far.

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Basestation

Affected Vendors

Washington

References (9)

Exploit https://github.com/iop-apl-uw/basestation3/issues/6

Exploit https://github.com/iop-apl-uw/basestation3/issues/6#event-17672013757

Exploit https://github.com/iop-apl-uw/basestation3/issues/6#issue-3066055868

Permissions Required https://vuldb.com/?ctiid.309461

Third Party Advisory https://vuldb.com/?id.309461

Third Party Advisory https://vuldb.com/?submit.578074

Exploit https://github.com/iop-apl-uw/basestation3/issues/6

Exploit https://github.com/iop-apl-uw/basestation3/issues/6#event-17672013757

Exploit https://github.com/iop-apl-uw/basestation3/issues/6#issue-3066055868

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal