CVE-2025-71352
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk46th percentile — higher than 46% of all known CVEs
Summary
A vulnerability in picklescan before version 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and execute code upon pickle.load() invocation.
Risk Assessment
The organization is at risk of remote code execution by loading a malicious pickle file, which could lead to system compromise, data theft, or further propagation of the attack within the network.
Recommendation
Immediately update picklescan to version 0.0.29 or later, and consider implementing additional validation mechanisms for pickle files before loading them.
Original NVD description (English source)
picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and execute code upon pickle.load() invocation.

