CVE Catalog
CVE-2025-71376
HighCVSS 8.1Summary
Picklescan before 0.0.29 fails to detect malicious pickle files, allowing attackers to embed undetected code in these files. This code can execute arbitrary commands when loaded by victims.
Risk Assessment
Organizations may be exposed to the execution of malicious code, leading to potential security breaches and data loss.
Recommendation
It is recommended to update picklescan to version 0.0.29 or later to mitigate this vulnerability.
Original NVD description (English source)
picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims.

