CVE Catalog

CVE-2025-71358

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile - higher than 16% of all known CVEs

Summary

Picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load().

Risk Assessment

Organizations may be at risk of executing malicious code, which can lead to data loss or system takeover. Exploitation of this vulnerability could have serious security implications.

Recommendation

It is recommended to update picklescan to version 0.0.29 or later to mitigate the risk associated with this vulnerability. Additionally, avoid loading pickle files from untrusted sources.

Original NVD description (English source)

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load().

Vulnerability data from NVD (NIST) · CISA KEV · EPSS