CVE Catalog

CVE-2025-71325

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Summary

Picklescan before version 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes. This error allows malicious pickle files to bypass detection, potentially leading to unexpected exceptions.

Risk Assessment

The risk to the organization lies in the potential exploitation of malicious pickle files, which could lead to unauthorized access or other attacks. As a result, systems may be at risk, and data security could be compromised.

Recommendation

It is recommended to update picklescan to version 0.0.27 or later to eliminate this vulnerability. Additionally, implementing further scanning and validation mechanisms for pickle files is advisable.

Original NVD description (English source)

picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigger unexpected exceptions and evade security scanning.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS