CVE-2025-71368
HighCVSS 8.1Exploitation Probability (EPSS)
Elevated risk51th percentile — higher than 51% of all known CVEs
Summary
The vulnerability in picklescan before version 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debug_script calls that bypass picklescan detection and execute arbitrary commands upon pickle.load invocation.
Risk Assessment
The organization is at risk of remote code execution by loading a crafted pickle file, which could lead to system compromise, data theft, or lateral movement within the internal network.
Recommendation
Immediately update picklescan to version 0.0.30 or later, which includes a fix to detect the doctest.debug_script function. Additionally, avoid loading pickle files from untrusted sources and implement input validation mechanisms.
Original NVD description (English source)
picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debug_script calls that bypass picklescan detection and execute arbitrary commands upon pickle.load invocation.

