CVE Catalog

CVE-2025-71352

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.64%

46th percentile — higher than 46% of all known CVEs

Summary

A vulnerability in picklescan before version 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and execute code upon pickle.load() invocation.

Risk Assessment

The organization is at risk of remote code execution by loading a malicious pickle file, which could lead to system compromise, data theft, or further propagation of the attack within the network.

Recommendation

Immediately update picklescan to version 0.0.29 or later, and consider implementing additional validation mechanisms for pickle files before loading them.

Original NVD description (English source)

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and execute code upon pickle.load() invocation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS