CVE-2025-71360
Severity: High (CVSS 8.1)
Exploitation Probability (EPSS): Low risk, 22nd percentile (higher than 22% of all known CVEs)
Summary
picklescan before version 0.0.29 fails to detect malicious pickle files that use the idlelib.calltip.get_entity function as the callable in a reduce step. Because get_entity evaluates the string it is given with eval, an attacker can embed a payload that passes the scan undetected and executes arbitrary commands when a victim loads the file.
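The following is an added illustration of the detection gap described above; it is not picklescan's own code and the denylists in it are illustrative subsets, not picklescan's actual lists. It builds a constructed sample pickle whose REDUCE target is idlelib.calltip.get_entity (with a deliberately harmless expression string), then inspects the opcode stream with pickletools without ever unpickling it. A scanner whose denylist lacks the get_entity entry reports nothing; one that includes it flags the file. The allowlist check at the end is the stricter approach a practitioner should prefer, since any denylist lags behind newly found gadgets.

```python
import io
import pickle
import pickletools

# Constructed sample: raw pickle opcodes referencing idlelib.calltip.get_entity as
# the REDUCE callable. Assembled by hand so nothing is executed while building it.
# The expression here is harmless; get_entity would eval() whatever string it is given.
def build_calltip_pickle(expression: str) -> bytes:
    expr = expression.encode("utf-8")
    return (
        b"\x80\x02"                                        # PROTO 2
        + b"cidlelib.calltip\nget_entity\n"                # GLOBAL idlelib.calltip get_entity
        + b"("                                             # MARK
        + b"X" + len(expr).to_bytes(4, "little") + expr    # BINUNICODE <expression>
        + b"t"                                             # TUPLE  -> (expression,)
        + b"R"                                             # REDUCE -> get_entity(expression)
        + b"."                                             # STOP
    )

SAMPLE = build_calltip_pickle("1 + 1")            # constructed malicious-shaped sample
BENIGN = pickle.dumps({"weights": [0.1, 0.2]})    # constructed benign sample

# Illustrative denylists (assumptions for this example, not picklescan's real lists).
PRE_FIX_DENYLIST = {
    ("os", "system"), ("subprocess", "Popen"),
    ("builtins", "eval"), ("builtins", "exec"),
}
POST_FIX_DENYLIST = PRE_FIX_DENYLIST | {("idlelib.calltip", "get_entity")}

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Return (module, name) pairs referenced by GLOBAL/STACK_GLOBAL opcodes.

    Uses pickletools.genops, so the payload is never loaded. STACK_GLOBAL
    (protocol 4) takes its module and name from the two preceding string
    constants; this simplified tracker only follows string pushes.
    """
    refs: list[tuple[str, str]] = []
    recent_strings: list[str] = []
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)   # genops yields "module name"
            refs.append((module, name))
        elif op.name in STRING_OPS:
            recent_strings.append(arg)
        elif op.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            refs.append((recent_strings[-2], recent_strings[-1]))
    return refs

def scan(data: bytes, denylist: set[tuple[str, str]]) -> list[tuple[str, str]]:
    """Denylist model: flag only globals that appear in the denylist."""
    return [ref for ref in referenced_globals(data) if ref in denylist]

def unknown_globals(data: bytes, allowlist: set[tuple[str, str]]) -> list[tuple[str, str]]:
    """Allowlist model: flag every global that is not explicitly permitted."""
    return [ref for ref in referenced_globals(data) if ref not in allowlist]

if __name__ == "__main__":
    print("pre-fix  denylist:", scan(SAMPLE, PRE_FIX_DENYLIST))    # []  -> missed
    print("post-fix denylist:", scan(SAMPLE, POST_FIX_DENYLIST))   # flagged
    print("allowlist check:  ", unknown_globals(SAMPLE, set()))    # flagged
    print("benign file:      ", unknown_globals(BENIGN, set()))    # []
```

The point the example makes is that a signature-style scanner only stops callables it has been taught about; any stdlib function that reaches eval or exec is a new gadget until it is added. Treating every unlisted global as suspicious closes that class of gap, at the cost of having to enumerate the callables a given model format legitimately needs.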
Risk Assessment
The organization is at risk of remote code execution (RCE): a crafted pickle file that passes a vulnerable picklescan check still executes attacker-controlled code when it is loaded, which could lead to system compromise, data theft, or further attack propagation.
Recommendation
Immediately update picklescan to version 0.0.29 or later, which adds detection of pickle files that use the idlelib.calltip.get_entity function in reduce methods. Until the update is deployed, do not treat a clean scan result as proof that a pickle file from an untrusted source is safe to load.
Original NVD description (English source)
picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.