CVE-2025-10950

MEDIUM

Pypi Ml-logger - Insecure Deserialization

Title source: rule

Description

A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

References (4)

Scores

CVSS v3 6.3
EPSS 0.0009
EPSS Percentile 24.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE
CWE-502 CWE-20
Status draft

Affected Products (1)

pypi/ml-logger PyPI

Timeline

Published Sep 25, 2025
Tracked Since Feb 18, 2026