CVE-2025-71323
CriticalCVSS 9.8Summary
Picklescan versions before 0.0.33 fail to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands.
Risk Assessment
Organizations are exposed to remote code execution, which can lead to serious security breaches and data loss. Bypassing sandbox protections increases the risk of successful attacks.
Recommendation
It is recommended to update picklescan to version 0.0.33 or later to block access to the ctypes module. Additionally, conducting a security audit of applications using picklescan is advisable.
Original NVD description (English source)
picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbox protections and gadget chain detection.

