CVE-2025-71350
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk32th percentile — higher than 32% of all known CVEs
Summary
Picklescan before version 0.0.28 fails to detect malicious pickle files using the torch.utils.collect_env.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.
Risk Assessment
The organization is at risk of remote code execution (RCE) by loading a crafted pickle file, potentially leading to system compromise or data theft.
Recommendation
Immediately update picklescan to version 0.0.28 or later and avoid loading pickle files from untrusted sources.
Original NVD description (English source)
picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collect_env.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.

