CVE-2025-10950

A vulnerability was determined in geyang ml-logger 0.10.36 and prior. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Published: Sep 25, 2025
Updated: Sep 26, 2025
CVE: CVE-2025-10950
GHSA: GHSA-57hm-8rjv-498w
Severity: Low
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWEs:

CWE-20
CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
ml-logger	-	0.10.36.x

https://github.com/geyang/ml-logger/issues/72
https://vuldb.com/?ctiid.325820
https://vuldb.com/?id.325820
https://vuldb.com/?submit.652461

Vulnerability Database

CVE-2025-10950

Deep Security Visibility Without the Complexity