CVE-2025-71325
CriticalCVSS 9.8Summary
Picklescan before version 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes. This error allows malicious pickle files to bypass detection, potentially leading to unexpected exceptions.
Risk Assessment
The risk to the organization lies in the potential exploitation of malicious pickle files, which could lead to unauthorized access or other attacks. As a result, systems may be at risk, and data security could be compromised.
Recommendation
It is recommended to update picklescan to version 0.0.27 or later to eliminate this vulnerability. Additionally, implementing further scanning and validation mechanisms for pickle files is advisable.
Original NVD description (English source)
picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigger unexpected exceptions and evade security scanning.

