CVE Catalog

CVE-2025-71368

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.77%

51th percentile — higher than 51% of all known CVEs

Summary

The vulnerability in picklescan before version 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debug_script calls that bypass picklescan detection and execute arbitrary commands upon pickle.load invocation.

Risk Assessment

The organization is at risk of remote code execution by loading a crafted pickle file, which could lead to system compromise, data theft, or lateral movement within the internal network.

Recommendation

Immediately update picklescan to version 0.0.30 or later, which includes a fix to detect the doctest.debug_script function. Additionally, avoid loading pickle files from untrusted sources and implement input validation mechanisms.

Original NVD description (English source)

picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debug_script calls that bypass picklescan detection and execute arbitrary commands upon pickle.load invocation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS