CVE Catalog

CVE-2025-71378

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile - higher than 23% of all known CVEs

Summary

The vulnerability in picklescan before version 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to bypass scanning and execute arbitrary code when a malicious pickle file is loaded via pickle.load().

Risk Assessment

The organization is at risk of remote code execution (RCE) by loading a crafted pickle file, which could lead to system compromise or data theft.

Recommendation

Immediately update picklescan to version 0.0.30 or later. Additionally, avoid loading pickle files from untrusted sources.

Original NVD description (English source)

picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load().

Vulnerability data from NVD (NIST) · CISA KEV · EPSS