CVE-2025-71365
HighCVSS 8.1Summary
Picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded.
Risk Assessment
Organizations may be at risk of executing malicious code due to loading crafted pickle files, potentially leading to severe security breaches and data loss.
Recommendation
It is recommended to update picklescan to version 0.0.33 or later to ensure protection against these malicious pickle files.
Original NVD description (English source)
picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded.

