CVE-2025-10950: ml-logger deserialization vulnerability

September 25, 2025

A vulnerability was determined in geyang ml-logger 0.10.36 and prior. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

References

github.com/advisories/GHSA-57hm-8rjv-498w
github.com/geyang/ml-logger
github.com/geyang/ml-logger/issues/72
nvd.nist.gov/vuln/detail/CVE-2025-10950
vuldb.com/?ctiid.325820
vuldb.com/?id.325820
vuldb.com/?submit.652461

Code Behaviors & Features

Detect and mitigate CVE-2025-10950 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →