CVE Catalog

CVE-2025-71375

Severity: High (CVSS 8.1)
Published:
Source: NVD (NIST), translated

Exploitation Probability (EPSS)

Low risk
0.37%

28th percentile — higher than 28% of all known CVEs

Summary

Picklescan before version 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using _operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load().

Risk Assessment

Any system that loads pickle files after relying on an affected picklescan version for screening is at risk of remote code execution (RCE) from a crafted pickle file, potentially leading to system compromise or data theft.

Recommendation

Immediately update picklescan to version 0.0.34 or later. Because this issue shows that a scanner can miss dangerous callables, do not treat a clean scan as proof that a pickle file is safe; apply additional controls when loading pickle files, such as only loading files from trusted sources.

Original NVD description (English source)

picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using _operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load().

Vulnerability data from NVD (NIST) · CISA KEV · EPSS