CVE-2025-71378
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk23th percentile - higher than 23% of all known CVEs
Summary
The vulnerability in picklescan before version 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to bypass scanning and execute arbitrary code when a malicious pickle file is loaded via pickle.load().
Risk Assessment
The organization is at risk of remote code execution (RCE) by loading a crafted pickle file, which could lead to system compromise or data theft.
Recommendation
Immediately update picklescan to version 0.0.30 or later. Additionally, avoid loading pickle files from untrusted sources.
Original NVD description (English source)
picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load().

