CVE Catalog

CVE-2025-71323

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Summary

Picklescan versions before 0.0.33 fail to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands.

Risk Assessment

Organizations are exposed to remote code execution, which can lead to serious security breaches and data loss. Bypassing sandbox protections increases the risk of successful attacks.

Recommendation

It is recommended to update picklescan to version 0.0.33 or later to block access to the ctypes module. Additionally, conducting a security audit of applications using picklescan is advisable.

Original NVD description (English source)

picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbox protections and gadget chain detection.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS